Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 10415 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58620	2 Wordpress, Wpforms	2 Wordpress, Wpforms	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms allows Stored XSS. This issue affects PDF for WPForms: from n/a through 6.2.1.
CVE-2025-58618	2 Jonathanjernigan, Wordpress	2 Pie Calendar, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar allows DOM-Based XSS. This issue affects Pie Calendar: from n/a through 1.2.8.
CVE-2025-58615	1 Wordpress	1 Wordpress	2025-09-04	4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Bannerize Pro allows Server Side Request Forgery. This issue affects WP Bannerize Pro: from n/a through 1.10.0.
CVE-2025-58613	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through 1.4.10.
CVE-2025-58611	2 Tickera, Wordpress	2 Tickera, Wordpress	2025-09-04	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.5.6.
CVE-2025-58604	2 Wordpress, Wpfunnels	2 Wordpress, Mail Mint Plugin	2025-09-04	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.5.
CVE-2025-58603	2 Surfer, Wordpress	2 Surfer Plugin, Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574.
CVE-2025-58602	2 If-so, Wordpress	3 Dynamic Content Personalization, If-so, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.9.4.
CVE-2025-58601	2 Radiustheme, Wordpress	2 Classified Listing, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6.
CVE-2025-58594	2 Brizy, Wordpress	2 Brizy, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.
CVE-2025-58599	2 Tychesoftwares, Wordpress	2 Order Delivery Date For Woocommerce, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in tychesoftwares Order Delivery Date for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery Date for WooCommerce: from n/a through 4.1.0.
CVE-2025-58597	1 Wordpress	1 Wordpress	2025-09-04	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6.
CVE-2025-58644	2 Enituretechnology, Wordpress	2 Ltl Freight Quotes, Wordpress	2025-09-04	7.2 High
Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through 1.2.6.
CVE-2025-58596	2 Mailoptin, Wordpress	2 Mailoptin, Wordpress	2025-09-04	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.
CVE-2025-58593	2 Themeisle, Wordpress	2 Orbit Fox, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.
CVE-2025-58641	1 Wordpress	1 Wordpress	2025-09-04	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1.
CVE-2025-58622	2 Wordpress, Yydevelopment	2 Wordpress, Mobile Contact Line Plugin	2025-09-04	4.3 Medium
Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0.
CVE-2025-58600	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through 2.15.9.
CVE-2025-58607	2 Gdprinfo, Wordpress	2 Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance allows Stored XSS. This issue affects Cookie Notice & Consent Banner for GDPR & CCPA Compliance: from n/a through 1.7.11.
CVE-2025-58608	1 Wordpress	1 Wordpress	2025-09-04	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.

« first previous Page 262 of 521. next last »