Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8291 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-66064	2 Rafflepress, Wordpress	3 Giveaways And Contests, Giveaways And Contests By Rafflepress, Wordpress	2025-11-24	5.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20.
CVE-2025-66090	1 Wordpress	1 Wordpress	2025-11-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through <= 2.5.
CVE-2025-66085	2 Tychesoftwares, Wordpress	2 Arconix Shortcodes, Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arconix Shortcodes: from n/a through <= 2.1.18.
CVE-2025-66065	2 Jegstudio, Wordpress	2 Gutenverse, Wordpress	2025-11-24	5.3 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.
CVE-2025-66084	1 Wordpress	1 Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in Shahjahan Jewel FluentCommunity fluent-community allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentCommunity: from n/a through <= 2.0.0.
CVE-2025-66087	2 Propertyhive, Wordpress	2 Propertyhive, Wordpress	2025-11-24	5.3 Medium
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.
CVE-2025-66083	1 Wordpress	1 Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 5.0.4.
CVE-2025-66077	2 Wordpress, Wpwax	2 Wordpress, Legal Pages	2025-11-24	4.3 Medium
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.6.
CVE-2025-66086	2 Cozyvision, Wordpress	2 Sms Alert Order Notifications, Wordpress	2025-11-24	5.3 Medium
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.8.
CVE-2025-66069	3 Themeisle, Woocommerce, Wordpress	3 Ppom For Woocommerce, Woocommerce, Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16.
CVE-2025-66091	2 Design, Wordpress	2 Stylish Cost Calculator, Wordpress	2025-11-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5.
CVE-2025-66112	1 Wordpress	1 Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4.
CVE-2025-66099	1 Wordpress	1 Wordpress	2025-11-24	5.3 Medium
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3.
CVE-2025-66097	1 Wordpress	1 Wordpress	2025-11-24	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimić I Order Terms i-order-terms allows Cross Site Request Forgery.This issue affects I Order Terms: from n/a through <= 1.5.0.
CVE-2025-66075	2 Wordpress, Wp Legal Pages	2 Wordpress, Wp Cookie Notice	2025-11-24	4.2 Medium
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
CVE-2025-66089	3 Webtoffee, Woocommerce, Wordpress	3 Product Feed For Woocommerce, Woocommerce, Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.1.
CVE-2025-66062	1 Wordpress	1 Wordpress	2025-11-24	3.7 Low
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through <= 1.7.28.
CVE-2025-66101	1 Wordpress	1 Wordpress	2025-11-24	4.3 Medium
Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through <= 2.0.1.
CVE-2012-10027	3 Wordpress, Wp-property, Wp-property-hive	3 Wordpress, Wp-property Wordpress Plugin, Wordpress Plugin	2025-11-22	N/A
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
CVE-2012-10026	2 Asset-manager, Wordpress	3 Asset-manager Wordpress Plugin, Wordpress Plugin, Wordpress	2025-11-22	N/A
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.

« first previous Page 58 of 415. next last »