Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 10374 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-23547	2 Cmsmasters, Wordpress	2 Cmsmasters Content Composer, Wordpress	2026-02-20	7.1 High
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8.
CVE-2026-22422	2 Wordpress, Wpeverest	2 Wordpress, Everest Forms	2026-02-20	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1.
CVE-2026-27440	2 Saadiqbal, Wordpress	2 Mycred, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.
CVE-2026-27368	2 Seedprod, Wordpress	2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress	2026-02-20	5.9 Medium
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.7.
CVE-2026-27343	2 Vankarwai, Wordpress	2 Airtifact, Wordpress	2026-02-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.
CVE-2026-25362	2 Fooplugins, Wordpress	2 Foogallery, Wordpress	2026-02-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through <= 3.1.11.
CVE-2026-25343	2 Veronalabs, Wordpress	2 Wp Sms, Wordpress	2026-02-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.
CVE-2026-25330	2 Publishpress, Wordpress	2 Publishpress Authors, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.
CVE-2026-25326	2 Cmsmasters, Wordpress	2 Cmsmasters Content Composer, Wordpress	2026-02-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through <= 1.4.5.
CVE-2026-25324	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2026-02-20	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
CVE-2026-25322	2 Publishpress, Wordpress	2 Publishpress Revisions, Wordpress	2026-02-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7.22.
CVE-2026-25315	2 Hcaptcha, Wordpress	2 Hcaptcha For Wp, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.
CVE-2026-25313	2 Shahjahan Jewel, Wordpress	2 Fluentform, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.
CVE-2026-25307	2 8theme, Wordpress	2 Xstore Core, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.
CVE-2026-25008	2 Shahjahan Jewel, Wordpress	2 Ninja Tables, Wordpress	2026-02-20	4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.
CVE-2026-2384	2 Ays-pro, Wordpress	2 Quiz Maker, Wordpress	2026-02-20	6.4 Medium
The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This vulnerability requires WPBakery Page Builder to be installed and active
CVE-2026-27059	2 Pencidesign, Wordpress	2 Penci Recipe, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through <= 4.1.
CVE-2026-27057	2 Pencidesign, Wordpress	2 Penci Filter Everything, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through <= 1.7.
CVE-2026-25472	2 Themefusion, Wordpress	2 Fusion Builder, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through <= 3.14.3.
CVE-2026-25451	2 Bold-themes, Wordpress	2 Bold Page Builder, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.4.

« first previous Page 13 of 519. next last »