Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 5153 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54046	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4.
CVE-2025-49410	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1.
CVE-2025-54056	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows Reflected XSS. This issue affects Responsive HTML5 Audio Player PRO With Playlist: from n/a through 3.5.8.
CVE-2025-54014	1 Wordpress	1 Wordpress	2025-08-21	9.8 Critical
Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a through 15.1.
CVE-2025-48154	2 Lambertgroup, Wordpress	2 Multimedia Playlist Slider Addon For Wpbakery Page Builder, Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1.
CVE-2025-54008	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters allows Retrieve Embedded Sensitive Data. This issue affects JetSmartFilters: from n/a through 3.6.7.
CVE-2025-53983	2 Crocoblock, Wordpress	2 Jetelements For Elementor, Wordpress	2025-08-21	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor allows Retrieve Embedded Sensitive Data. This issue affects JetElements For Elementor: from n/a through 2.7.7.
CVE-2025-53210	1 Wordpress	1 Wordpress	2025-08-21	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks allows PHP Local File Inclusion. This issue affects ZoloBlocks: from n/a through 2.3.2.
CVE-2025-48302	1 Wordpress	1 Wordpress	2025-08-21	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine allows PHP Local File Inclusion. This issue affects FundEngine: from n/a through 1.7.4.
CVE-2025-49893	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in liseperu Elizaibots allows Stored XSS. This issue affects Elizaibots: from n/a through 1.0.2.
CVE-2025-53561	2 Miniorange, Wordpress	2 Prevent Files \/ Folders Access, Wordpress	2025-08-21	6.5 Medium
Path Traversal vulnerability in miniOrange Prevent files / folders access allows Path Traversal. This issue affects Prevent files / folders access: from n/a through 2.6.0.
CVE-2025-49391	2 Fetchdesigns, Wordpress	2 Sign-up Sheets, Wordpress	2025-08-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets allows Cross Site Request Forgery. This issue affects Sign-up Sheets: from n/a through 2.3.3.
CVE-2025-54044	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Reflected XSS. This issue affects Elite Video Player: from n/a through 10.0.5.
CVE-2025-54027	2 Schiocco, Wordpress	2 Support Board, Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board allows Reflected XSS. This issue affects Support Board: from n/a through 3.8.0.
CVE-2025-53204	1 Wordpress	1 Wordpress	2025-08-21	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist allows PHP Local File Inclusion. This issue affects eventlist: from n/a through 1.9.2.
CVE-2025-54049	1 Wordpress	1 Wordpress	2025-08-21	9.9 Critical
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.
CVE-2025-54031	2 Schiocco, Wordpress	2 Support Board, Wordpress	2025-08-21	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows PHP Local File Inclusion. This issue affects Support Board: from n/a through 3.8.0.
CVE-2025-48164	1 Wordpress	1 Wordpress	2025-08-21	8.8 High
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash allows Privilege Escalation. This issue affects SureDash: from n/a through 1.0.3.
CVE-2025-49413	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishloop Terms of Service & Privacy Policy Generator allows Stored XSS. This issue affects Terms of Service & Privacy Policy Generator: from n/a through 1.0.
CVE-2025-49426	1 Wordpress	1 Wordpress	2025-08-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dourou Cookie Warning allows Cross Site Request Forgery. This issue affects Cookie Warning: from n/a through 1.3.

« first previous Page 2 of 258. next last »