Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11831 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-27449	1 Wordpress	1 Wordpress	2026-04-15	6.3 Medium
Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6.
CVE-2023-27454	2 Apollo13themes, Wordpress	2 Rife Elementor Extensions & Templates, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rife Elementor Extensions & Templates: from n/a through 1.1.10.
CVE-2023-27625	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0.
CVE-2023-27630	2 Peepso, Wordpress	2 Community By Peepso, Wordpress	2026-04-15	5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0.
CVE-2023-28165	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28.
CVE-2023-28416	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5.
CVE-2023-28417	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12.
CVE-2023-28687	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.
CVE-2023-28787	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2026-04-15	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4.
CVE-2025-64206	2 Tielabs, Wordpress	2 Jannah, Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0.
CVE-2025-64219	2 Strategy11, Wordpress	2 Business Directory Plugin - Easy Listing Directories, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.
CVE-2025-64261	2 Codepeople, Wordpress	2 Appointment Booking Calendar, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in codepeople Appointment Booking Calendar appointment-booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Booking Calendar: from n/a through <= 1.3.95.
CVE-2025-64277	2 Quantumcloud, Wordpress	2 Chatbot, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.9.
CVE-2025-64284	2 Majesticsupport, Wordpress	2 Majestic Support, Wordpress	2026-04-15	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through <= 1.0.7.
CVE-2025-10737	1 Wordpress	1 Wordpress	2026-04-15	6.4 Medium
The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-64296	3 Facebook, Woocommerce, Wordpress	3 Facebook For Woocommerce, Woocommerce, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Facebook Facebook for WooCommerce facebook-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through <= 3.5.7.
CVE-2025-39537	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Concepts Better Customer List for WooCommerce woo-better-customer-list allows Reflected XSS.This issue affects Better Customer List for WooCommerce: from n/a through <= 1.2.3.
CVE-2025-64371	1 Wordpress	1 Wordpress	2026-04-15	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.6.
CVE-2025-64375	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.
CVE-2018-25106	1 Wordpress	1 Wordpress	2026-04-15	6.3 Medium
A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patch is named 41230a81db0f671c570c2644bc2f80565ca83c5a. It is recommended to apply a patch to fix this issue.

« first previous Page 143 of 592. next last »