Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 8307 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64238	1 Wordpress	1 Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps-bidouille allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPS Bidouille: from n/a through <= 1.33.1.
CVE-2025-49300	1 Wordpress	1 Wordpress	2025-12-16	2.7 Low
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8.
CVE-2025-66165	1 Wordpress	1 Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Lottier for WPBakery lottier-wpbakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier for WPBakery: from n/a through <= 1.1.7.
CVE-2025-66163	2 Merkulove, Wordpress	2 Masker For Elementor, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: from n/a through <= 1.1.4.
CVE-2025-66134	2 Ninjateam, Wordpress	2 Filebird, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through <= 6.4.9.
CVE-2025-68065	2 Liquidthemes, Wordpress	2 Hub, Wordpress	2025-12-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion.This issue affects Hub Core: from n/a through <= 5.0.8.
CVE-2025-67951	2 Wordpress, Wpzoom	2 Wordpress, Wpzoom Addons For Elementor	2025-12-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects WPZOOM Addons for Elementor: from n/a through <= 1.2.10.
CVE-2025-68088	2 Merkulove, Wordpress	2 Huger For Elementor, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Huger for Elementor: from n/a through <= 1.1.5.
CVE-2025-54005	1 Wordpress	1 Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in sonalsinha21 SKT Page Builder skt-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SKT Page Builder: from n/a through <= 4.9.
CVE-2025-66167	1 Wordpress	1 Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Lottier lottier-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lottier: from n/a through <= 1.1.1.
CVE-2025-64245	1 Wordpress	1 Wordpress	2025-12-16	4.3 Medium
Missing Authorization vulnerability in ryanpcmcquen Import external attachments import-external-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Import external attachments: from n/a through <= 1.5.12.
CVE-2025-66122	1 Wordpress	1 Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stylish Price List: from n/a through <= 7.2.2.
CVE-2025-68066	2 Pencidesign, Wordpress	2 Soledad, Wordpress	2025-12-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through <= 8.7.0.
CVE-2025-66161	2 Merkulove, Wordpress	2 Grider For Elementor, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Grider for Elementor grider-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grider for Elementor: from n/a through <= 1.0.8.
CVE-2025-67986	1 Wordpress	1 Wordpress	2025-12-16	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects Document Library Lite: from n/a through <= 1.1.7.
CVE-2025-68061	1 Wordpress	1 Wordpress	2025-12-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7.
CVE-2025-66131	1 Wordpress	1 Wordpress	2025-12-16	9.1 Critical
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yaad Sarig Payment Gateway For WC: from n/a through <= 2.2.10.
CVE-2025-68067	2 Select-themes, Wordpress	2 Stockholm Core, Wordpress	2025-12-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through <= 2.4.6.
CVE-2025-68085	2 Merkulove, Wordpress	2 Buttoner For Elementor, Wordpress	2025-12-16	5.4 Medium
Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Buttoner for Elementor: from n/a through <= 1.0.6.
CVE-2025-68079	2 Themenectar, Wordpress	2 Salient Core, Wordpress	2025-12-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Shortcodes: from n/a through <= 1.5.4.

« first previous Page 20 of 416. next last »