Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11712 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-43233	2 Bannersky, Wordpress	2 Bsk Forms Blacklist, Wordpress	2025-07-13	7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.
CVE-2023-39310	1 Wordpress	1 Wordpress	2025-07-13	5.4 Medium
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
CVE-2023-23886	2 Mg12, Wordpress	2 Wp-recentcomments, Wordpress	2025-07-13	5.4 Medium
Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-RecentComments: from n/a through 2.2.7.
CVE-2024-29800	1 Wordpress	1 Wordpress	2025-07-13	8 High
Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.This issue affects Timber: from n/a through 1.23.0.
CVE-2025-31101	1 Wordpress	1 Wordpress	2025-07-13	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact Form 7: from n/a through 1.0.
CVE-2024-31114	1 Wordpress	1 Wordpress	2025-07-13	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5.
CVE-2023-49167	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in Code4Life Database for CF7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/a through 1.2.4.
CVE-2024-27988	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS.This issue affects WEN Responsive Columns: from n/a through 1.3.2.
CVE-2024-56015	1 Wordpress	1 Wordpress	2025-07-13	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up allows Reflected XSS.This issue affects Tidy Up: from n/a through 1.3.
CVE-2024-13529	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system.
CVE-2025-4055	1 Wordpress	1 Wordpress	2025-07-13	6.4 Medium
The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-46637	1 Wordpress	1 Wordpress	2025-07-13	5.3 Medium
Missing Authorization vulnerability in Saurav Sharma Generate Dummy Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Generate Dummy Posts: from n/a through 1.0.0.
CVE-2024-32526	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flector Easy Textillate allows Stored XSS.This issue affects Easy Textillate: from n/a through 2.02.
CVE-2024-35643	1 Wordpress	1 Wordpress	2025-07-13	5.9 Medium
Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP Back Button allows Stored XSS.This issue affects WP Back Button: from n/a through 1.1.3.
CVE-2024-32677	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.
CVE-2024-34421	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsurface BlogLentor allows Stored XSS.This issue affects BlogLentor: from n/a through 1.0.8.
CVE-2024-34571	2 Themegrill, Wordpress	2 Himalayas, Wordpress	2025-07-13	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0.
CVE-2025-26966	1 Wordpress	1 Wordpress	2025-07-13	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.
CVE-2024-32091	1 Wordpress	1 Wordpress	2025-07-13	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider.This issue affects Sangar Slider: from n/a through 1.3.2.
CVE-2025-26925	1 Wordpress	1 Wordpress	2025-07-13	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3.

« first previous Page 528 of 586. next last »