Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11803 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-51825	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crissoca Alert Me! alert-me allows DOM-Based XSS.This issue affects Alert Me!: from n/a through <= 0.4.0.
CVE-2025-53239	1 Wordpress	1 Wordpress	2026-04-15	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bnovotny User Registration Aide user-registration-aide allows Reflected XSS.This issue affects User Registration Aide: from n/a through <= 1.5.3.8.
CVE-2025-53324	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through <= 1.5.7.
CVE-2025-53586	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through <= 1.9.1.
CVE-2025-46535	2 Alphaefficiencyteam, Wordpress	2 Custom Login And Registration, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.
CVE-2025-68003	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10.
CVE-2025-68014	1 Wordpress	1 Wordpress	2026-04-15	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in awethemes AweBooking awebooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through <= 3.2.26.
CVE-2025-54718	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Reflected XSS.This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2.
CVE-2025-68503	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Crocoblock JetBlog jet-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through <= 2.4.7.
CVE-2024-51844	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kiran Patil Location Click Map location-click-map allows Stored XSS.This issue affects Location Click Map: from n/a through <= 1.0.
CVE-2025-68850	2 Codepeople, Wordpress	2 Sell Downloads, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12.
CVE-2025-54721	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Resca resca allows Reflected XSS.This issue affects Resca: from n/a through <= 3.0.2.
CVE-2025-68868	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codeaffairs Wp Text Slider Widget wp-text-slider-widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a through <= 1.0.
CVE-2025-69333	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.8.1.1.
CVE-2024-51850	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bchristopeit WoW Guild Armory Roster guild-armory-roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through <= 0.5.5.
CVE-2024-51853	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberuni Azad. Faltu Testimonial Rotator faltu-testimonial-rotator allows DOM-Based XSS.This issue affects Faltu Testimonial Rotator: from n/a through <= 1.0.0.
CVE-2024-51854	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in holanetworks Hola Free Video Player hola-free-video-player allows DOM-Based XSS.This issue affects Hola Free Video Player: from n/a through <= 1.3.9.
CVE-2024-51861	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek EventPress wp-eventpress allows Stored XSS.This issue affects EventPress: from n/a through <= 1.0.0.
CVE-2024-51866	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in riponshah Social button social-button allows Stored XSS.This issue affects Social button: from n/a through <= 1.3.
CVE-2025-58018	2 Richard Leishman, Wordpress	2 Mail Subscribe List, Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Leishman Mail Subscribe List mail-subscribe-list allows Stored XSS.This issue affects Mail Subscribe List: from n/a through <= 2.1.10.

« first previous Page 89 of 591. next last »