Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9858 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-22725	1 Wordpress	1 Wordpress	2026-01-20	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS.This issue affects WP Virtual Assistant: from n/a through <= 3.0.
CVE-2025-22715	2 Loopus, Wordpress	2 Wp Attractive Donations System, Wordpress	2026-01-20	8.1 High
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25.
CVE-2025-22713	2 Vanquish, Wordpress	2 Woocommerce Orders Customers Exporter, Wordpress	2026-01-20	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows SQL Injection.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
CVE-2025-22712	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects Typify: from n/a through <= 3.0.2.
CVE-2025-22509	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through <= 2.1.0.
CVE-2025-22288	2 Wordpress, Wpmudev	2 Wordpress, Smush Image Compression And Optimization	2026-01-20	4.1 Medium
Path Traversal: '.../...//' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Smush Image Compression and Optimization wp-smushit allows Path Traversal.This issue affects Smush Image Compression and Optimization: from n/a through <= 3.17.0.
CVE-2025-14431	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navian: from n/a through <= 1.5.4.
CVE-2025-14360	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.15.
CVE-2025-14359	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine oshin allows PHP Local File Inclusion.This issue affects Oshine: from n/a through <= 7.2.7.
CVE-2025-14358	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5.
CVE-2025-14314	1 Wordpress	1 Wordpress	2026-01-20	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through <= 2.1.5.
CVE-2025-13835	2 Tychesoftwares, Wordpress	2 Arconix Shortcodes, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.19.
CVE-2025-13504	2 E-plugins, Wordpress	2 Real Estate Pro, Wordpress	2026-01-20	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS.This issue affects Real Estate Pro: from n/a through <= 2.1.4.
CVE-2025-12551	1 Wordpress	1 Wordpress	2026-01-20	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins ListingHub listinghub allows Reflected XSS.This issue affects ListingHub: from n/a through 1.2.6.
CVE-2025-12550	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes OchaHouse ochahouse allows PHP Local File Inclusion.This issue affects OchaHouse: from n/a through <= 2.2.8.
CVE-2025-12549	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop rozy allows PHP Local File Inclusion.This issue affects Rozy - Flower Shop: from n/a through <= 1.2.25.
CVE-2025-10019	2 Codepeople, Wordpress	2 Contact Form Email, Wordpress	2026-01-20	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.60.
CVE-2024-53735	1 Wordpress	1 Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Corourke iPhone Webclip Manager allows Stored XSS.This issue affects iPhone Webclip Manager: from n/a through 0.5.
CVE-2024-30516	2 Saasproject, Wordpress	2 Booking Package, Wordpress	2026-01-20	7.5 High
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27.
CVE-2024-30461	2 Tumult, Wordpress	2 Tumult Hype Animations, Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS.This issue affects Tumult Hype Animations: from n/a through 1.9.11.

« first previous Page 118 of 493. next last »