Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8371 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58680	2 Gutentor, Wordpress	2 Gutentor, Wordpress	2025-09-23	6.5 Medium
Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.2.
CVE-2025-58684	2 Themepoints, Wordpress	2 Logo Showcase, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Logo Showcase allows Stored XSS. This issue affects Logo Showcase: from n/a through 3.0.9.
CVE-2025-58676	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER allows Stored XSS. This issue affects HORIZONTAL SLIDER: from n/a through 2.4.
CVE-2025-58690	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7.
CVE-2025-58263	2 Buddypress, Wordpress	2 Buddypress, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget allows Stored XSS. This issue affects BuddyPress Notification Widget: from n/a through 1.3.3.
CVE-2025-58679	2 Appmysite, Wordpress	2 Appmysite, Wordpress	2025-09-23	5.3 Medium
Missing Authorization vulnerability in AppMySite AppMySite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AppMySite: from n/a through 3.14.0.
CVE-2025-58682	2 Wordpress, Wp-kama	2 Wordpress, Kama Click Counter	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.4.
CVE-2025-58645	1 Wordpress	1 Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravitate Gravitate Automated Tester allows Stored XSS. This issue affects Gravitate Automated Tester: from n/a through 1.4.5.
CVE-2025-58689	2 Tapfiliate, Wordpress	2 Tapfiliate, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tapfiliate Tapfiliate allows Stored XSS. This issue affects Tapfiliate: from n/a through 3.2.2.
CVE-2025-58265	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps allows Stored XSS. This issue affects Events Manager – OpenStreetMaps: from n/a through 4.2.1.
CVE-2025-58687	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin allows Stored XSS. This issue affects Current Age Plugin: from n/a through 1.6.
CVE-2025-58677	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews allows Stored XSS. This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through 2.8.5.
CVE-2025-58264	2 Artbees, Wordpress	2 Jupiter X Core, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core allows Stored XSS. This issue affects JupiterX Core: from n/a through 4.10.1.
CVE-2025-58703	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skyword Skyword API Plugin allows Stored XSS. This issue affects Skyword API Plugin: from n/a through 2.5.3.
CVE-2025-58678	2 Pickplugins, Wordpress	2 Accordion, Wordpress	2025-09-23	6.5 Medium
Missing Authorization vulnerability in PickPlugins Accordion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through 2.3.14.
CVE-2025-58681	1 Wordpress	1 Wordpress	2025-09-23	5.3 Medium
Missing Authorization vulnerability in Jürgen Müller Easy Quotes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Quotes: from n/a through 1.2.4.
CVE-2025-58260	2 Ronald Huereca, Wordpress	2 Highlight And Share, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Highlight and Share – Social Text and Image Sharing allows Stored XSS. This issue affects Highlight and Share – Social Text and Image Sharing: from n/a through 5.1.1.
CVE-2025-58675	2 Tryinteract, Wordpress	2 Interact, Wordpress	2025-09-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site allows Cross Site Request Forgery. This issue affects Interact: Embed A Quiz On Your Site: from n/a through 3.1.
CVE-2025-58691	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Genesis Club Lite allows Stored XSS. This issue affects Genesis Club Lite: from n/a through 1.17.
CVE-2025-58685	3 Cecabank, Woocommerce, Wordpress	3 Woocommerce Plugin, Woocommerce, Wordpress	2025-09-23	5.3 Medium
Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4.

« first previous Page 137 of 419. next last »