Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9794 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68990	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
CVE-2025-68989	2 Renzojohnson, Wordpress	2 Contact Form 7 Extension For Mailchimp, Wordpress	2026-01-20	7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through <= 0.9.49.
CVE-2025-68988	2 O2oe, Wordpress	2 E-invoice App Malaysia, Wordpress	2026-01-20	7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0.
CVE-2025-68987	2 Edge-themes, Wordpress	2 Cinerama, Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama - A WordPress Theme for Movie Studios and Filmmakers cinerama allows PHP Local File Inclusion.This issue affects Cinerama - A WordPress Theme for Movie Studios and Filmmakers: from n/a through <= 2.4.
CVE-2025-68985	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15.
CVE-2025-68984	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca puca allows PHP Local File Inclusion.This issue affects Puca: from n/a through <= 2.6.39.
CVE-2025-68983	2 Thembay, Wordpress	2 Greenmart, Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion.This issue affects Greenmart: from n/a through <= 4.2.11.
CVE-2025-68982	2 Designthemes, Wordpress	2 Designthemes Lms, Wordpress	2026-01-20	8.1 High
Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6.
CVE-2025-68981	3 Designthemes, Elementor, Wordpress	3 Homefix Elementor Portfolio, Elementor, Wordpress	2026-01-20	8.8 High
Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1.
CVE-2025-68980	2 Designthemes, Wordpress	2 Wedesigntech-portfolio, Wordpress	2026-01-20	8.1 High
Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.
CVE-2025-68979	2 Simplecalendar, Wordpress	2 Google Calendar Events, Wordpress	2026-01-20	8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through <= 3.5.9.
CVE-2025-68978	2 Designthemes, Wordpress	2 Core, Wordpress	2026-01-20	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through <= 1.6.
CVE-2025-68977	2 Designthemes, Wordpress	2 Portfolio Addon, Wordpress	2026-01-20	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5.
CVE-2025-68976	1 Wordpress	1 Wordpress	2026-01-20	8.8 High
Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
CVE-2025-68975	1 Wordpress	1 Wordpress	2026-01-20	8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.
CVE-2025-68974	2 Miniorange, Wordpress	3 Social Login, Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress	2026-01-20	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.7.0.
CVE-2025-68897	1 Wordpress	1 Wordpress	2026-01-20	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2.
CVE-2025-68893	2 Hetworks, Wordpress	2 Wordpress Image Shrinker, Wordpress	2026-01-20	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0.
CVE-2025-68892	2 Gopiplus, Wordpress	2 Scroll Post Excerpt, Wordpress	2026-01-20	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Scroll rss excerpt scroll-rss-excerpt allows Reflected XSS.This issue affects Scroll rss excerpt: from n/a through <= 5.0.
CVE-2025-68890	1 Wordpress	1 Wordpress	2026-01-20	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS.This issue affects e-shops: from n/a through <= 1.0.4.

« first previous Page 50 of 490. next last »