Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8307 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64632	2 Auctollo, Wordpress	2 Google-sitemap-generator, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.21.
CVE-2025-66120	2 Catfolders, Wordpress	2 Catfolders, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CatFolders: from n/a through <= 2.5.3.
CVE-2025-64242	2 Merv Barrett, Wordpress	2 Easy Property Listings, Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.15.
CVE-2025-68054	1 Wordpress	1 Wordpress	2025-12-16	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.
CVE-2025-67965	2 Favethemes, Wordpress	2 Homey, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Homey Core: from n/a through <= 2.4.3.
CVE-2025-64243	2 E-plugins, Wordpress	2 Directory Pro, Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
CVE-2025-64239	1 Wordpress	1 Wordpress	2025-12-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Tester rtl-tester allows Cross Site Request Forgery.This issue affects RTL Tester: from n/a through <= 1.2.
CVE-2025-64237	1 Wordpress	1 Wordpress	2025-12-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.
CVE-2025-59001	2 Themenectar, Wordpress	2 Salient Core, Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in ThemeNectar Salient Core salient-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salient Core: from n/a through <= 3.0.8.
CVE-2025-67948	2 Sendpulse, Wordpress	2 Sendpulse Email Marketing Newsletter, Wordpress	2025-12-16	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.2.1.
CVE-2025-67572	1 Wordpress	1 Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.
CVE-2025-66166	2 Merkulove, Wordpress	2 Lottier For Elementor, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Lottier for Elementor lottier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for Elementor: from n/a through <= 1.0.9.
CVE-2025-66162	2 Merkulove, Wordpress	2 Spoter For Elementor, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: from n/a through <= 1.04.
CVE-2025-66129	1 Wordpress	1 Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0.
CVE-2025-66128	3 Brevo, Woocommerce, Wordpress	3 Sendinblue For Woocommerce, Woocommerce, Wordpress	2025-12-16	5.3 Medium
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through <= 4.0.49.
CVE-2025-66125	2 Nitesh Singh, Wordpress	2 Ultimate Wordpress Auction Plugin, Wordpress	2025-12-16	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.2.
CVE-2025-66124	2 Wordpress, Zeen101	2 Wordpress, Leaky Paywall	2025-12-16	5.3 Medium
Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leaky Paywall: from n/a through <= 4.22.5.
CVE-2025-64633	1 Wordpress	1 Wordpress	2025-12-16	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through <= 1.6.8.
CVE-2025-64251	1 Wordpress	1 Wordpress	2025-12-16	4.9 Medium
Missing Authorization vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.3.
CVE-2025-64246	1 Wordpress	1 Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49.

« first previous Page 19 of 416. next last »