Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9828 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-66073	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8.
CVE-2025-66072	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through <= 1.2.47.
CVE-2025-66070	1 Wordpress	1 Wordpress	2026-01-20	7.5 High
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
CVE-2025-66069	3 Themeisle, Woocommerce, Wordpress	3 Ppom For Woocommerce, Woocommerce, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16.
CVE-2025-66068	2 Instawp, Wordpress	2 Instawp Connect, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.
CVE-2025-66067	2 Funnelkit, Wordpress	2 Funnel Builder, Wordpress	2026-01-20	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2.
CVE-2025-66066	2 Envothemes, Wordpress	2 Envo Extra, Wordpress	2026-01-20	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through <= 1.9.11.
CVE-2025-66065	2 Jegstudio, Wordpress	2 Gutenverse, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.
CVE-2025-66064	2 Rafflepress, Wordpress	3 Giveaways And Contests, Giveaways And Contests By Rafflepress, Wordpress	2026-01-20	5.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20.
CVE-2025-66063	2 Jgwhite33, Wordpress	2 Wp Google Review Slider, Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Google Review Slider: from n/a through <= 17.4.
CVE-2025-66062	1 Wordpress	1 Wordpress	2026-01-20	3.7 Low
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through <= 1.7.28.
CVE-2025-66061	3 Castos, Craig Hewitt, Wordpress	3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress	2026-01-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66060	3 Castos, Craig Hewitt, Wordpress	3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66059	3 Castos, Craig Hewitt, Wordpress	3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress	2026-01-20	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
CVE-2025-66058	2 Pickplugins, Wordpress	2 Post Grid, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.17.
CVE-2025-66057	2 Bold-themes, Wordpress	2 Bold Page Builder, Wordpress	2026-01-20	6.3 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2.
CVE-2025-66056	2 Uncannyowl, Wordpress	2 Uncanny Automator, Wordpress	2026-01-20	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0.
CVE-2025-66055	2 Icegram, Wordpress	2 Email Subscribers & Newsletters, Wordpress	2026-01-20	7.2 High
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10.
CVE-2025-66054	2 Thimpress, Wordpress	2 Learnpress, Wordpress	2026-01-20	7.5 High
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
CVE-2025-66053	2 Kriesi, Wordpress	2 Enfold, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects Enfold: from n/a through <= 7.1.2.

« first previous Page 70 of 492. next last »