Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 5201 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54736	2 Nordicmade, Wordpress	2 Savoy, Wordpress	2025-08-15	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through 3.0.8.
CVE-2025-54740	2 Michael Nelson, Wordpress	2 Print My Blog, Wordpress	2025-08-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.9.
CVE-2025-53581	2 Artiosmedia, Wordpress	2 Rss Feed Pro, Wordpress	2025-08-15	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through 1.1.8.
CVE-2025-54732	2 Shahjada, Wordpress	2 Wpdm Premium Packages, Wordpress	2025-08-15	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through 6.0.2.
CVE-2025-54746	2 Cartpauj, Wordpress	2 Shortcode-redirect, Wordpress	2025-08-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through 1.0.02.
CVE-2025-52797	2 Josepsitjar, Wordpress	2 Storymap, Wordpress	2025-08-15	8.2 High
Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1.
CVE-2025-53249	2 Hakeemnala, Wordpress	2 Build App Online, Wordpress	2025-08-15	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.23.
CVE-2025-53343	2 Goodlayers, Wordpress	2 Modernize, Wordpress	2025-08-15	4.3 Medium
Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through 3.4.0.
CVE-2025-54717	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2025-08-15	5.4 Medium
Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through 1.6.3.
CVE-2025-53221	2 Codeablepress, Wordpress	2 Codeablepress, Wordpress	2025-08-15	4.3 Medium
Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through 1.0.0.
CVE-2025-53330	2 Wordpress, Wpestate	2 Wordpress, Wp Rentals	2025-08-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals allows Stored XSS. This issue affects WP Rentals: from n/a through 3.13.1.
CVE-2025-53219	2 Pl4g4, Wordpress	2 Wp-database-optimizer-tools, Wordpress	2025-08-15	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through 0.2.
CVE-2025-53587	2 Apustheme, Wordpress	2 Findgo, Wordpress	2025-08-15	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57.
CVE-2025-54054	2 Aa Web Servant, Wordpress	2 12 Step Meeting List, Wordpress	2025-08-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12 Step Meeting List: from n/a through 3.18.3.
CVE-2025-54708	2 Bplugins, Wordpress	2 B Blocks, Wordpress	2025-08-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a through 2.0.5.
CVE-2025-53582	2 Wordlift, Wordpress	2 Wordlift, Wordpress	2025-08-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a through 3.54.5.
CVE-2025-53347	2 Laborator, Wordpress	2 Kalium, Wordpress	2025-08-15	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3.
CVE-2025-53342	2 Goodlayers, Wordpress	2 Modernize, Wordpress	2025-08-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize allows Stored XSS. This issue affects Modernize: from n/a through 3.4.0.
CVE-2025-53341	2 Themovation, Wordpress	2 Stratus, Wordpress	2025-08-15	4.3 Medium
Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5.
CVE-2025-52771	2 Bcupham, Wordpress	2 Video Expander, Wordpress	2025-08-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander allows Stored XSS. This issue affects Video Expander: from n/a through 1.0.

« first previous Page 13 of 261. next last »