Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9592 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22411	2 Mikado-themes, Wordpress	2 Dolcino, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6.
CVE-2026-22409	2 Mikado-themes, Wordpress	2 Justicia, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.
CVE-2026-22407	2 Mikado-themes, Wordpress	2 Roam, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
CVE-2026-22406	2 Mikado-themes, Wordpress	2 Overton, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.
CVE-2026-22391	2 Mikado-themes, Wordpress	2 Cocco, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1.
CVE-2026-22358	2 Smartdatasoft, Wordpress	2 Electrician - Electrical Service Wordpress, Wordpress	2026-01-27	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6.
CVE-2026-22348	1 Wordpress	1 Wordpress	2026-01-27	5.3 Medium
Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53.
CVE-2025-69319	2 Wordpress, Wpbeaverbuilder	2 Wordpress, Beaver Builder	2026-01-27	7.5 High
Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1.
CVE-2025-69315	2 Nsquared, Wordpress	2 Simply Schedule Appointments, Wordpress	2026-01-27	6.5 Medium
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.
CVE-2025-69314	1 Wordpress	1 Wordpress	2026-01-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through < 4.8.3.
CVE-2025-69313	2 Wordpress, Wpxpo	2 Wordpress, Postx	2026-01-27	7.5 High
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.
CVE-2025-69312	2 Wordpress, Xpro	2 Wordpress, Xpro Elementor Addons	2026-01-27	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1.
CVE-2025-69311	1 Wordpress	1 Wordpress	2026-01-27	7.6 High
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.1.
CVE-2026-24539	2 Clickdatos, Wordpress	2 Proteccion De Datos Rgpd, Wordpress	2026-01-27	5.3 Medium
Missing Authorization vulnerability in ABCdatos Protección de datos – RGPD proteccion-datos-rgpd allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protección de datos – RGPD: from n/a through <= 0.68.
CVE-2026-22450	1 Wordpress	1 Wordpress	2026-01-27	4.3 Medium
Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Don Peppe: from n/a through <= 1.3.
CVE-2026-22404	2 Mikado-themes, Wordpress	2 Innovio, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.
CVE-2026-22402	1 Wordpress	1 Wordpress	2026-01-27	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through <= 2.4.7.
CVE-2025-69300	2 Leap13, Wordpress	2 Premium Addons For Elementor, Wordpress	2026-01-27	5.4 Medium
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.63.
CVE-2025-69188	2 E-plugins, Wordpress	2 Fitness Trainer, Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.
CVE-2025-69187	2 E-plugins, Wordpress	2 Final User, Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.

« first previous Page 17 of 480. next last »