Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9592 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69186	2 E-plugins, Wordpress	2 Hospital & Doctor Directory, Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-69185	1 Wordpress	1 Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
CVE-2025-14430	2 Thememove, Wordpress	2 Brook, Wordpress	2026-01-27	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook - Agency Business Creative brook allows PHP Local File Inclusion.This issue affects Brook - Agency Business Creative: from n/a through <= 2.8.9.
CVE-2025-22707	2 Thememove, Wordpress	2 Moody, Wordpress	2026-01-27	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3.
CVE-2025-22708	2 Thememove, Wordpress	2 Mitech, Wordpress	2026-01-27	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4.
CVE-2025-67934	3 Mikado-themes, Qodeinteractive, Wordpress	3 Wellspring, Wellspring, Wordpress	2026-01-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8.
CVE-2026-24565	1 Wordpress	1 Wordpress	2026-01-27	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.0.
CVE-2026-24544	2 Harmonicdesign, Wordpress	2 Hd Quiz, Wordpress	2026-01-27	4.3 Medium
Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.
CVE-2026-24543	1 Wordpress	1 Wordpress	2026-01-27	4.3 Medium
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through <= 1.3.52.
CVE-2026-24541	2 Mkscripts, Wordpress	2 Download After Email, Wordpress	2026-01-27	5.3 Medium
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9.
CVE-2026-24540	2 Prince, Wordpress	2 Integrate Google Drive, Wordpress	2026-01-27	5.4 Medium
Missing Authorization vulnerability in Prince Integrate Google Drive integrate-google-drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through <= 1.5.5.
CVE-2025-69181	2 E-plugins, Wordpress	2 Lawyer Directory, Wordpress	2026-01-27	7.3 High
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.
CVE-2025-69101	2 Amentotech, Wordpress	2 Workreap, Wordpress	2026-01-27	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Workreap Core workreap_core allows Authentication Abuse.This issue affects Workreap Core: from n/a through <= 3.4.0.
CVE-2025-69095	2 Designthemes, Wordpress	2 Reservation Plugin, Wordpress	2026-01-27	6.5 Medium
Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7.
CVE-2025-69079	1 Wordpress	1 Wordpress	2026-01-27	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Sound \| Musical Instruments Online Store musicplace allows Object Injection.This issue affects Sound \| Musical Instruments Online Store: from n/a through <= 1.6.9.
CVE-2025-69054	1 Wordpress	1 Wordpress	2026-01-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through <= 2.8.
CVE-2025-69052	2 Fmeaddons, Wordpress	2 Registration And Login With Mobile Phone Number For Woocommerce, Wordpress	2026-01-27	9.8 Critical
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registration & Login with Mobile Phone Number for WooCommerce: from n/a through <= 1.3.1.
CVE-2025-66140	2 Merkulove, Wordpress	2 Uper For Elementor, Wordpress	2026-01-27	5.4 Medium
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.
CVE-2025-62077	1 Wordpress	1 Wordpress	2026-01-27	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affects Affiliate Link Tracker: from n/a through <= 0.2.
CVE-2025-62056	1 Wordpress	1 Wordpress	2026-01-27	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event.This issue affects News Event: from n/a through <= 1.0.1.

« first previous Page 18 of 480. next last »