Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9592 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68999	2 Happymonster, Wordpress	2 Happy Addons For Elementor, Wordpress	2026-01-28	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4.
CVE-2025-68986	1 Wordpress	1 Wordpress	2026-01-28	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through <= 1.2.7.
CVE-2025-68912	1 Wordpress	1 Wordpress	2026-01-28	8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1.
CVE-2025-68910	1 Wordpress	1 Wordpress	2026-01-28	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files.This issue affects Blogzee: from n/a through <= 1.0.5.
CVE-2025-68909	1 Wordpress	1 Wordpress	2026-01-28	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files.This issue affects Blogistic: from n/a through <= 1.0.5.
CVE-2025-68059	1 Wordpress	1 Wordpress	2026-01-28	7.6 High
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
CVE-2025-68058	2 E-plugins, Wordpress	2 Institutions Directory, Wordpress	2026-01-28	7.6 High
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.
CVE-2025-68057	2 E-plugins, Wordpress	2 Hospital & Doctor Directory, Wordpress	2026-01-28	7.6 High
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-67946	2 Scriptsbundle, Wordpress	2 Adforest, Wordpress	2026-01-28	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11.
CVE-2025-67945	3 Mailerlite, Woocommerce, Wordpress	3 Mailerlite, Woocommerce, Wordpress	2026-01-28	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce integration: from n/a through <= 3.1.2.
CVE-2025-67944	2 Neliosoftware, Wordpress	2 Nelio Ab Testing, Wordpress	2026-01-28	9.1 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.1.8.
CVE-2025-67943	2 Wordpress, Wphocus	2 Wordpress, My Auctions Allegro	2026-01-28	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.
CVE-2025-67942	1 Wordpress	1 Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6.
CVE-2026-24525	2 Cloudpanel, Wordpress	2 Clp Varnish Cache, Wordpress	2026-01-28	5.3 Medium
Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.
CVE-2025-69076	2 Ancorathemes, Wordpress	2 Modern Housewife, Wordpress	2026-01-28	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion.This issue affects Modern Housewife: from n/a through <= 1.0.12.
CVE-2025-68869	2 Lazycoders, Wordpress	2 Lazytasks, Wordpress	2026-01-28	9.8 Critical
Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.4.01.
CVE-2025-68507	2 Icegram, Wordpress	2 Icegram, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.
CVE-2025-68073	2 Ninjateam, Wordpress	2 Gpdr Ccpa Compliance Support, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4.
CVE-2025-68072	2 Merv Barrett, Wordpress	2 Easy Property Listings, Wordpress	2026-01-28	6.5 Medium
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17.
CVE-2024-54383	3 Wordpress, Wpweb, Wpwebelite	3 Wordpress, Woocommerce Pdf Vouchers, Woocommerce Pdf Vouchers	2026-01-28	9.8 Critical
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.

« first previous Page 13 of 480. next last »