Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 5153 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-48151	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations allows Reflected XSS. This issue affects CM Map Locations: from n/a through 2.1.6.
CVE-2025-53208	1 Wordpress	1 Wordpress	2025-08-21	7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Maya Business: from n/a through 1.2.0.
CVE-2025-53226	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box allows Reflected XSS. This issue affects Comments Capcha Box: from n/a through 1.1.
CVE-2025-49894	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rewish WP Emmet allows Stored XSS. This issue affects WP Emmet: from n/a through 0.3.4.
CVE-2025-48142	1 Wordpress	1 Wordpress	2025-08-21	8.8 High
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9.
CVE-2025-49436	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiudis Custom Menu allows Stored XSS. This issue affects Custom Menu: from n/a through 1.8.
CVE-2025-53563	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider: from n/a through 3.8.
CVE-2025-53560	1 Wordpress	1 Wordpress	2025-08-21	8.8 High
Deserialization of Untrusted Data vulnerability in rascals Noisa allows Object Injection. This issue affects Noisa: from n/a through 2.6.0.
CVE-2025-54028	1 Wordpress	1 Wordpress	2025-08-21	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team Tobias CF7 WOW Styler allows PHP Local File Inclusion. This issue affects CF7 WOW Styler: from n/a through 1.7.2.
CVE-2025-49424	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in diego.benna Essential Doo Components for Visual Composer allows DOM-Based XSS. This issue affects Essential Doo Components for Visual Composer: from n/a through 1.9.
CVE-2025-53212	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom Playlist allows Reflected XSS. This issue affects Revolution Video Player With Bottom Playlist: from n/a through 2.9.2.
CVE-2025-49381	1 Wordpress	1 Wordpress	2025-08-21	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross Site Request Forgery. This issue affects ads.txt Guru Connect: from n/a through 1.1.1.
CVE-2025-48297	2 Quantumcloud, Wordpress	2 Simple Link Directory, Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory allows Reflected XSS. This issue affects Simple Link Directory: from n/a through n/a.
CVE-2025-53565	2 Radiustheme, Wordpress	2 Widget For Google Reviews, Wordpress	2025-08-21	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews allows PHP Local File Inclusion. This issue affects Widget for Google Reviews: from n/a through 1.0.15.
CVE-2025-54017	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2025-08-21	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through 2.15.4.
CVE-2025-49428	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3.
CVE-2025-49412	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in numixtech Page Transition allows Stored XSS. This issue affects Page Transition: from n/a through 1.3.
CVE-2025-49406	2 Favethemes, Wordpress	2 Houzez, Wordpress	2025-08-21	5.3 Medium
Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.
CVE-2025-54055	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco allows Reflected XSS. This issue affects Druco: from n/a through 1.5.2.
CVE-2025-53194	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2025-08-21	8.5 High
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Crocoblock JetEngine allows Code Injection. This issue affects JetEngine: from n/a through 3.7.0.

« first previous Page 5 of 258. next last »