Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8371 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-60139	2 Joovii, Wordpress	2 Sendle Shipping, Wordpress	2025-09-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipping allows Cross Site Request Forgery. This issue affects Sendle Shipping: from n/a through 6.02.
CVE-2025-60137	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Post Featured Video allows Cross Site Request Forgery. This issue affects Post Featured Video: from n/a through 1.7.
CVE-2025-60127	2 Artistscope, Wordpress	2 Copysafe Web Protection, Wordpress	2025-09-29	5.4 Medium
Missing Authorization vulnerability in ArtistScope CopySafe Web Protection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CopySafe Web Protection: from n/a through 4.3.
CVE-2025-60165	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in HaruTheme Frames allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frames: from n/a through 1.5.7.
CVE-2025-60171	3 Woocommerce, Wordpress, Yourplugins	3 Woocommerce, Wordpress, Conditional Cart Messages For Woocommerce	2025-09-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com allows Stored XSS. This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through 1.2.10.
CVE-2025-60113	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu allows Cross Site Request Forgery. This issue affects Groovy Menu: from n/a through 1.4.3.
CVE-2025-60167	3 Elementor, Honzat, Wordpress	3 Elementor, Page Manager For Elementor, Wordpress	2025-09-29	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5.
CVE-2025-60146	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amit Verma Map Categories to Pages allows Stored XSS. This issue affects Map Categories to Pages: from n/a through 1.3.2.
CVE-2025-60158	3 Webmaniabr, Woocommerce, Wordpress	3 Nota Fiscal Eletronica, Woocommerce, Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Stored XSS. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
CVE-2025-60149	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Ott Notely allows Stored XSS. This issue affects Notely: from n/a through 1.8.0.
CVE-2025-60159	3 Webmaniabr, Woocommerce, Wordpress	3 Nota Fiscal Eletronica, Woocommerce, Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletrônica WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nota Fiscal Eletrônica WooCommerce: from n/a through 3.4.0.6.
CVE-2025-60129	1 Wordpress	1 Wordpress	2025-09-29	5.3 Medium
Missing Authorization vulnerability in Yext Yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through 1.1.3.
CVE-2025-60114	1 Wordpress	1 Wordpress	2025-09-29	6.6 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability in YayCommerce YayCurrency allows Code Injection. This issue affects YayCurrency: from n/a through 3.2.
CVE-2025-60128	1 Wordpress	1 Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in WP Delicious Delisho allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delisho: from n/a through 1.1.3.
CVE-2025-60142	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaganLev Simple Meta Tags allows DOM-Based XSS. This issue affects Simple Meta Tags: from n/a through 1.5.
CVE-2025-60124	1 Wordpress	1 Wordpress	2025-09-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Hellyer Simple Colorbox allows Stored XSS. This issue affects Simple Colorbox: from n/a through 1.6.1.
CVE-2025-60136	1 Wordpress	1 Wordpress	2025-09-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes allows Stored XSS. This issue affects User Notes: from n/a through 1.0.2.
CVE-2025-60143	2 Netgsm, Wordpress	2 Netgsm, Wordpress	2025-09-29	4.3 Medium
Missing Authorization vulnerability in netgsm Netgsm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netgsm: from n/a through 2.9.58.
CVE-2025-60172	1 Wordpress	1 Wordpress	2025-09-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk Digital allows Stored XSS. This issue affects Flytedesk Digital: from n/a through 20181101.
CVE-2025-9985	2 Fifu, Wordpress	2 Featured Image From Url, Wordpress	2025-09-26	5.3 Medium
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files.

« first previous Page 126 of 419. next last »