Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11819 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69005	2 Elated-themes, Wordpress	2 Search And Go Theme, Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This issue affects Search & Go: from n/a through <= 2.8.
CVE-2025-69008	1 Wordpress	1 Wordpress	2026-04-15	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Inboxify Inboxify Sign Up Form inboxify-sign-up-form allows Stored XSS.This issue affects Inboxify Sign Up Form: from n/a through <= 1.0.4.
CVE-2025-69012	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through <= 3.12.8.
CVE-2025-69013	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1.
CVE-2025-69017	2 Magnigenie, Wordpress	2 Restropress, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Stored XSS.This issue affects RestroPress: from n/a through <= 3.2.8.4.
CVE-2025-23924	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeremy WP Photo Sphere wp-photo-sphere allows Stored XSS.This issue affects WP Photo Sphere: from n/a through <= 3.8.
CVE-2025-69018	2 Shamalli, Wordpress	2 Web Directory Free, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through <= 1.7.12.
CVE-2025-69020	2 Tribulant, Wordpress	2 Newsletters, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through <= 4.12.
CVE-2025-69021	2 Ays-pro, Wordpress	2 Popup Box, Wordpress	2026-04-15	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7.
CVE-2025-23928	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Arsovski Google Org Chart google-org-chart allows Stored XSS.This issue affects Google Org Chart: from n/a through <= 1.0.1.
CVE-2025-69022	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in Weblizar - WordPress Themes & Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HR Management Lite: from n/a through <= 3.6.
CVE-2025-69023	2 Marketingfire, Wordpress	2 Discussion Board, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= 2.5.7.
CVE-2025-69024	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through <= 4.6.7.
CVE-2025-69025	3 Aethonic, Woocommerce, Wordpress	3 Poptics, Woocommerce, Wordpress	2026-04-15	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: from n/a through <= 1.0.20.
CVE-2025-23939	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KHAN-IT Image Switcher image-switcher allows Stored XSS.This issue affects Image Switcher: from n/a through <= 1.1.
CVE-2025-69026	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.2.4.
CVE-2025-69027	2 Tychesoftwares, Wordpress	2 Product Delivery Date For Woocommerce Lite, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through <= 3.2.0.
CVE-2025-69028	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.
CVE-2025-69036	1 Wordpress	1 Wordpress	2026-04-15	8.8 High
Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through <= 16.4.
CVE-2025-69037	2 Goalthemes, Wordpress	2 Pippo, Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo: from n/a through <= 1.2.3.

« first previous Page 133 of 591. next last »