Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8262 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67542	3 Silkypress, Woocommerce, Wordpress	3 Multi Step Checkout For Woocommerce, Woocommerce, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout for WooCommerce: from n/a through <= 2.33.
CVE-2025-67540	3 Elementor, Wealcoder, Wordpress	3 Elementor, Animation Addons For Elementor, Wordpress	2025-12-10	6.5 Medium
Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from n/a through <= 2.4.5.
CVE-2025-12705	1 Wordpress	1 Wordpress	2025-12-10	7.2 High
The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trim_text' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.5.
CVE-2025-67543	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through <= 2.2.2.
CVE-2025-67560	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom: from n/a through <= 5.0.1.
CVE-2025-67537	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through <= 3.11.8.
CVE-2025-67558	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7.
CVE-2025-67535	2 Weplugins, Wordpress	2 Wp Maps, Wordpress	2025-12-10	6.5 Medium
Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6.
CVE-2025-67564	2 Alekv, Wordpress	2 Pixel Manager For Woocommerce, Wordpress	2025-12-10	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1.
CVE-2025-67574	2 Wordpress, Wpdevart	2 Wordpress, Booking Calendar	2025-12-10	5.3 Medium
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.30.
CVE-2025-67538	2 Jnews, Wordpress	2 Jnews, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews Gallery jnews-gallery allows Stored XSS.This issue affects JNews Gallery: from n/a through < 12.0.1.
CVE-2025-67528	1 Wordpress	1 Wordpress	2025-12-10	5.1 Medium
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12.
CVE-2025-67566	2 Wofficeio, Wordpress	2 Woffice Core, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.
CVE-2025-67565	2 Sizam Design, Wordpress	2 Rehub, Wordpress	2025-12-10	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1.
CVE-2025-67567	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11.
CVE-2025-67562	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through < 20.0.
CVE-2025-67536	2 Thimpress, Wordpress	2 Learnpress, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through <= 4.2.9.4.
CVE-2025-67539	2 Select-themes, Wordpress	2 Stockholm Core, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a through < 2.6.
CVE-2025-63045	2 Averta, Wordpress	2 Master Slider Pro, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through <= 3.7.12.
CVE-2025-67591	2 Jnews, Wordpress	2 Jnews, Wordpress	2025-12-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1.

« first previous Page 37 of 414. next last »