Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 5153 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54031	2 Schiocco, Wordpress	2 Support Board, Wordpress	2025-08-21	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows PHP Local File Inclusion. This issue affects Support Board: from n/a through 3.8.0.
CVE-2025-48164	1 Wordpress	1 Wordpress	2025-08-21	8.8 High
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash allows Privilege Escalation. This issue affects SureDash: from n/a through 1.0.3.
CVE-2025-49413	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishloop Terms of Service & Privacy Policy Generator allows Stored XSS. This issue affects Terms of Service & Privacy Policy Generator: from n/a through 1.0.
CVE-2025-49426	1 Wordpress	1 Wordpress	2025-08-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dourou Cookie Warning allows Cross Site Request Forgery. This issue affects Cookie Warning: from n/a through 1.3.
CVE-2025-49422	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aelora iframe Wrapper allows DOM-Based XSS. This issue affects iframe Wrapper: from n/a through 0.1.1.
CVE-2025-53198	2 Favethemes, Wordpress	2 Houzez, Wordpress	2025-08-21	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a through 4.0.4.
CVE-2025-49889	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6.
CVE-2025-54048	1 Wordpress	1 Wordpress	2025-08-21	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2.
CVE-2025-9202	2 Themegrill, Wordpress	2 Colormag, Wordpress	2025-08-21	4.3 Medium
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin.
CVE-2025-48296	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup UpStore allows Reflected XSS. This issue affects UpStore: from n/a through 1.7.0.
CVE-2025-53299	1 Wordpress	1 Wordpress	2025-08-21	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer allows Object Injection. This issue affects ThemeMakers Visual Content Composer: from n/a through 1.5.8.
CVE-2025-49389	2 Wensolutions, Wordpress	2 Notice Bar, Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Solutions Notice Bar allows Stored XSS. This issue affects Notice Bar: from n/a through 3.1.3.
CVE-2025-53195	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.0.
CVE-2025-49409	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SensorPress allows Stored XSS. This issue affects SensorPress: from n/a through 1.0.
CVE-2025-30975	1 Wordpress	1 Wordpress	2025-08-21	7.5 High
Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes allows Code Injection. This issue affects Add Custom Codes: from n/a through 4.80.
CVE-2025-48152	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst allows Reflected XSS. This issue affects Rentsyst: from n/a through 2.0.100.
CVE-2025-53196	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2025-08-21	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine allows Retrieve Embedded Sensitive Data. This issue affects JetEngine: from n/a through 3.7.0.
CVE-2025-53985	2 Crocoblock, Wordpress	2 Jettabs, Wordpress	2025-08-21	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs allows Retrieve Embedded Sensitive Data. This issue affects JetTabs: from n/a through 2.2.9.
CVE-2025-49420	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre-Henri Lavigne Markup Markdown allows Stored XSS. This issue affects Markup Markdown: from n/a through 3.20.6.
CVE-2025-49892	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in badasswp Pending Order Bot allows Stored XSS. This issue affects Pending Order Bot: from n/a through 1.0.2.

« first previous Page 3 of 258. next last »