Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11831 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62020	2 Infomaniak, Wordpress	2 Vod Infomaniak, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Network VOD Infomaniak vod-infomaniak.This issue affects VOD Infomaniak: from n/a through <= 1.5.11.
CVE-2025-62022	2 Buddypress, Wordpress	2 Buddypress, Wordpress	2026-04-15	7.5 High
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.
CVE-2025-62026	2 Blockspare, Wordpress	2 Blockspare, Wordpress	2026-04-15	4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data.This issue affects Blockspare: from n/a through <= 3.2.13.2.
CVE-2025-62027	2 Stellarwp, Wordpress	2 Event Tickets, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through <= 5.26.3.
CVE-2023-38477	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0.
CVE-2025-62029	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themesion Grevo grevo.This issue affects Grevo: from n/a through <= 2.4.
CVE-2025-67530	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15.
CVE-2025-62033	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
CVE-2025-67532	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17.
CVE-2025-62050	1 Wordpress	1 Wordpress	2026-04-15	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic.This issue affects Blogmatic: from n/a through <= 1.0.3.
CVE-2023-40331	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider: from n/a through 1.9.6.
CVE-2025-62051	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign Core u-design-core.This issue affects UDesign Core: from n/a through <= 4.14.1.
CVE-2025-62053	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-04-15	8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through < 4.2.0.
CVE-2025-62054	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-04-15	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through <= 4.1.8.
CVE-2025-67533	2 Themify, Wordpress	2 Portfolio Post, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS.This issue affects Themify Portfolio Post: from n/a through <= 1.3.0.
CVE-2025-62057	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through < 4.2.0.
CVE-2025-67534	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7.
CVE-2025-62064	2 Elated-themes, Wordpress	2 Search And Go Directory, Wordpress	2026-04-15	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through <= 2.7.
CVE-2025-62066	1 Wordpress	1 Wordpress	2026-04-15	7.4 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution.This issue affects Revolution: from n/a through < 2.5.8.
CVE-2025-67535	2 Weplugins, Wordpress	2 Wp Maps, Wordpress	2026-04-15	6.5 Medium
Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6.

« first previous Page 475 of 592. next last »