Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 6772 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53232	1 Wordpress	1 Wordpress	2025-10-23	5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in inkthemes WP Gmail SMTP wp-gmail-smtp allows Retrieve Embedded Sensitive Data.This issue affects WP Gmail SMTP: from n/a through <= 1.0.7.
CVE-2025-53229	1 Wordpress	1 Wordpress	2025-10-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav RockON DJ rockon allows Reflected XSS.This issue affects RockON DJ: from n/a through <= 3.3.
CVE-2025-52770	1 Wordpress	1 Wordpress	2025-10-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Hello Followers hellofollowers allows Reflected XSS.This issue affects Hello Followers: from n/a through <= 2.5.
CVE-2025-62048	2 Wordpress, Wpmudev	2 Wordpress, Smartcrawl	2025-10-23	5.4 Medium
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo.This issue affects SmartCrawl: from n/a through <= 3.14.3.
CVE-2025-62029	1 Wordpress	1 Wordpress	2025-10-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themesion Grevo grevo.This issue affects Grevo: from n/a through <= 2.4.
CVE-2025-62027	2 Stellarwp, Wordpress	2 Event Tickets, Wordpress	2025-10-23	5.4 Medium
Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through <= 5.26.3.
CVE-2025-62026	2 Blockspare, Wordpress	2 Blockspare, Wordpress	2025-10-23	4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data.This issue affects Blockspare: from n/a through <= 3.2.13.2.
CVE-2025-62025	2 Eyecix, Wordpress	2 Jobsearch, Wordpress	2025-10-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8.
CVE-2025-62023	2 S2member, Wordpress	2 S2member, Wordpress	2025-10-23	9.8 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Cristián Lávaque s2Member s2member.This issue affects s2Member: from n/a through <= 250905.
CVE-2025-62022	2 Buddypress, Wordpress	2 Buddypress, Wordpress	2025-10-23	7.5 High
Missing Authorization vulnerability in BuddyPress BuddyPress buddypress.This issue affects BuddyPress: from n/a through <= 14.3.4.
CVE-2025-59593	2 Extendthemes, Wordpress	2 Colibri Page Builder, Wordpress	2025-10-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder colibri-page-builder allows Stored XSS.This issue affects Colibri Page Builder: from n/a through < 1.0.334.
CVE-2025-59575	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-10-23	5 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
CVE-2025-59571	2 Purethemes, Wordpress	2 Workscout Core, Wordpress	2025-10-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through < 1.7.06.
CVE-2025-59564	1 Wordpress	1 Wordpress	2025-10-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through < 4.4.5.
CVE-2025-59558	1 Wordpress	1 Wordpress	2025-10-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6.
CVE-2025-59557	1 Wordpress	1 Wordpress	2025-10-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through < 1.7.5.
CVE-2025-59555	1 Wordpress	1 Wordpress	2025-10-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion.This issue affects Medizin: from n/a through < 1.9.7.
CVE-2025-59550	1 Wordpress	1 Wordpress	2025-10-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Xcare xcare allows PHP Local File Inclusion.This issue affects Xcare: from n/a through < 6.5.
CVE-2025-59004	1 Wordpress	1 Wordpress	2025-10-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pco_58 WC Return products wc-return-product allows Reflected XSS.This issue affects WC Return products: from n/a through <= 1.5.
CVE-2025-58971	1 Wordpress	1 Wordpress	2025-10-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AmentoTech Doctreat doctreat allows Reflected XSS.This issue affects Doctreat: from n/a through <= 1.6.7.

« first previous Page 20 of 339. next last »