Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11819 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39639	2 Redpixelstudios, Wordpress	2 Rps Include Content, Wordpress	2026-04-10	6.5 Medium
Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Content: from n/a through <= 1.2.2.
CVE-2026-39641	2 Skywarrior, Wordpress	2 Blackfyre, Wordpress	2026-04-10	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.
CVE-2026-39644	2 Roxnor, Wordpress	2 Wp Ultimate Review, Wordpress	2026-04-10	5.3 Medium
Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through <= 2.3.8.
CVE-2026-39646	2 Bozdoz, Wordpress	2 Leaflet Map, Wordpress	2026-04-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through <= 3.4.4.
CVE-2026-39648	2 Themebeez, Wordpress	2 Cream Blog, Wordpress	2026-04-10	5.3 Medium
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.
CVE-2026-39650	2 Unitech Web, Wordpress	2 Unitechpay, Wordpress	2026-04-10	5.3 Medium
Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2.
CVE-2026-39652	2 Igms, Wordpress	2 Igms Direct Booking, Wordpress	2026-04-10	5.3 Medium
Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from n/a through <= 1.3.
CVE-2026-39657	2 Leadlovers, Wordpress	2 Leadlovers Forms, Wordpress	2026-04-10	5.3 Medium
Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n/a through <= 1.0.2.
CVE-2026-39659	2 Ultimatemember, Wordpress	2 Ultimate Member, Wordpress	2026-04-10	5.3 Medium
Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from n/a through <= 2.11.3.
CVE-2026-39662	2 Prowcplugins, Wordpress	2 Product Price By Formula For Woocommerce, Wordpress	2026-04-10	5.3 Medium
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6.
CVE-2026-39664	2 Leadrebel, Wordpress	2 Leadrebel, Wordpress	2026-04-10	5.3 Medium
Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.
CVE-2026-39670	2 Brecht, Wordpress	2 Visual Link Preview, Wordpress	2026-04-10	6 Medium
Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.
CVE-2026-39684	2 Untheme, Wordpress	2 Organicfood, Wordpress	2026-04-10	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue affects OrganicFood: from n/a through <= 3.6.4.
CVE-2026-5451	2 Hupe13, Wordpress	2 Extensions For Leaflet Map, Wordpress	2026-04-09	6.4 Medium
The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-39654	2 Ashish Ajani, Wordpress	2 Wp Simple Html Sitemap, Wordpress	2026-04-09	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.8.
CVE-2026-39666	2 Telepathy, Wordpress	2 Hello Bar Popup Builder, Wordpress	2026-04-09	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1.
CVE-2026-39668	2 G5theme, Wordpress	2 Book Previewer For Woocommerce, Wordpress	2026-04-09	5.3 Medium
Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.
CVE-2026-39672	2 Shiptime, Wordpress	2 Shiptime: Discounted Shipping Rates, Wordpress	2026-04-09	5.3 Medium
Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1.
CVE-2026-39674	2 Manoj Kumar, Wordpress	2 Mk Google Directions, Wordpress	2026-04-09	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through <= 3.1.1.
CVE-2026-39676	2 Shahjada, Wordpress	2 Download Manager, Wordpress	2026-04-09	5.3 Medium
Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.

« first previous Page 493 of 591. next last »