Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11797 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-32626	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Job Manager js-jobs allows SQL Injection.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-32519	2 Themeatelier, Wordpress	2 Idonate, Wordpress	2026-04-01	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion.This issue affects IDonate: from n/a through <= 2.1.18.
CVE-2025-32151	2 Themekraft, Wordpress	2 Buddyforms, Wordpress	2026-04-01	8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion.This issue affects BuddyForms: from n/a through <= 2.9.0.
CVE-2025-32149	2 Mtrv, Wordpress	2 Teachpress, Wordpress	2026-04-01	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress teachpress allows SQL Injection.This issue affects teachPress: from n/a through <= 9.0.11.
CVE-2025-32146	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-31910	2 Reputeinfosystems, Wordpress	2 Bookingpress, Wordpress	2026-04-01	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress bookingpress-appointment-booking allows SQL Injection.This issue affects BookingPress: from n/a through <= 1.1.28.
CVE-2025-31867	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-04-01	N/A
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager js-jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-30974	2 Addonmaster, Wordpress	2 Post Grid Master, Wordpress	2026-04-01	8.8 High
Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid Master: from n/a through <= 3.4.17.
CVE-2025-30901	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30899	2 Wordpress, Wpeverest	3 Wordpress, User Registration, User Registration \& Membership	2026-04-01	4.8 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration user-registration allows Stored XSS.This issue affects User Registration: from n/a through <= 4.0.3.
CVE-2025-30882	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-04-01	N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a through <= 2.9.1.
CVE-2025-30881	2 Themehunk, Wordpress	2 Big Store, Wordpress	2026-04-01	5.4 Medium
Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through <= 2.0.8.
CVE-2025-30880	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30610	2 Catchsquare, Wordpress	2 Wp Social Widget, Wordpress	2026-04-01	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.2.7.
CVE-2025-26964	2 Themewinter, Wordpress	2 Eventin, Wordpress	2026-04-01	8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through <= 4.0.20.
CVE-2025-24752	2 Wordpress, Wpdeveloper	2 Wordpress, Essential Addons For Elementor	2026-04-01	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Reflected XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14.
CVE-2025-24695	2 Hasthemes, Wordpress	2 Extensions For Cf7, Wordpress	2026-04-01	N/A
Server-Side Request Forgery (SSRF) vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Server Side Request Forgery.This issue affects Extensions For CF7: from n/a through <= 3.2.0.
CVE-2025-22786	2 Elementinvader, Wordpress	2 Elementinvader Addons For Elementor, Wordpress	2026-04-01	8.8 High
Path Traversal: '.../...//' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.2.6.
CVE-2025-22738	3 Technowich, Wordpress, Wpulike	3 Wp Ulike, Wordpress, Wp Ulike	2026-04-01	4.8 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alimir WP ULike wp-ulike allows Stored XSS.This issue affects WP ULike: from n/a through <= 4.7.6.
CVE-2025-22316	2 Wordpress, Wpbits	2 Wordpress, Wpbits Addons For Elementor Page Builder	2026-04-01	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.5.1.

« first previous Page 517 of 590. next last »