Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Total 5519 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-54334	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zeshan B Quran Phrases About Most People Shortcodes allows DOM-Based XSS.This issue affects Quran Phrases About Most People Shortcodes: from n/a through 1.4.
CVE-2025-31858	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in matthewrubin Local Magic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Local Magic: from n/a through 2.6.0.
CVE-2024-50538	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irfan Ardiansah Show Visitor IP Address allows Stored XSS.This issue affects Show Visitor IP Address: from n/a through 0.2.
CVE-2024-35777	2 Automattic, Wordpress	2 Woocommerce, Wordpress	2025-07-13	3.5 Low
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.
CVE-2024-38731	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7.
CVE-2025-23887	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Allan Wallick Blog Summary allows Stored XSS.This issue affects Blog Summary: from n/a through 0.1.2 β.
CVE-2023-49815	1 Wordpress	1 Wordpress	2025-07-13	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3.
CVE-2025-23475	1 Wordpress	1 Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound History timeline allows Reflected XSS. This issue affects History timeline: from n/a through 0.7.2.
CVE-2025-23954	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11.
CVE-2024-37502	2 Wordpress, Wpweb	2 Wordpress, Woocommerce Social Login	2025-07-13	5.4 Medium
Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3.
CVE-2025-31611	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in Shaharia Azam Auto Post After Image Upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Post After Image Upload: from n/a through 1.6.
CVE-2025-31782	1 Wordpress	1 Wordpress	2025-07-13	5.4 Medium
Missing Authorization vulnerability in pupunzi mb.YTPlayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects mb.YTPlayer: from n/a through 3.3.8.
CVE-2025-23478	1 Wordpress	1 Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Photo Video Store allows Reflected XSS. This issue affects Photo Video Store: from n/a through 21.07.
CVE-2024-2580	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through 2.8.2.
CVE-2024-37104	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Chic Lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through 1.1.3.
CVE-2024-37962	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1.
CVE-2025-24619	1 Wordpress	1 Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WP Log Action allows Reflected XSS. This issue affects WP Log Action: from n/a through 0.51.
CVE-2025-25120	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3.
CVE-2024-2499	1 Wordpress	1 Wordpress	2025-07-13	6.4 Medium
The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-6327	1 Wordpress	1 Wordpress	2025-07-13	5.3 Medium
The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them.

« first previous Page 100 of 276. next last »