Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9592 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24566	2 Inet, Wordpress	2 Inet Webkit, Wordpress	2026-01-26	6.5 Medium
Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.
CVE-2026-22401	1 Wordpress	1 Wordpress	2026-01-26	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2.
CVE-2026-22400	2 Mikado-themes, Wordpress	2 Holmes, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through <= 1.7.
CVE-2026-22398	2 Mikado-themes, Wordpress	2 Fleur, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.
CVE-2026-22396	2 Mikado-themes, Wordpress	2 Fiorello, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through <= 1.0.
CVE-2026-22393	2 Mikado-themes, Wordpress	2 Curly, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through <= 3.3.
CVE-2025-69293	2 E-plugins, Wordpress	2 Final User, Wordpress	2026-01-26	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2025-69292	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2026-01-26	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-69193	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2026-01-26	7.3 High
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-69192	2 E-plugins, Wordpress	2 Real Estate Pro, Wordpress	2026-01-26	7.3 High
Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.
CVE-2025-69191	1 Wordpress	1 Wordpress	2026-01-26	7.3 High
Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.
CVE-2026-24567	1 Wordpress	1 Wordpress	2026-01-26	4.3 Medium
Missing Authorization vulnerability in briarinc Anything Order by Terms anything-order-by-terms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Anything Order by Terms: from n/a through <= 1.4.0.
CVE-2026-24390	3 Elementor, Qantumthemes, Wordpress	3 Elementor, Kentha Elementor Widgets, Wordpress	2026-01-26	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1.
CVE-2026-24389	2 Wordpress, Wpchill	2 Wordpress, Gallery Photoblocks	2026-01-26	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.
CVE-2026-22445	1 Wordpress	1 Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in Proptech Plugin Apimo Connector apimo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apimo Connector: from n/a through <= 2.6.4.
CVE-2026-22430	2 Mikado-themes, Wordpress	2 Verdure, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through <= 1.6.
CVE-2026-22426	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.
CVE-2026-24583	2 Sumup, Wordpress	2 Payment Gateway For Woocommerce, Wordpress	2026-01-26	5.3 Medium
Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from n/a through <= 2.7.9.
CVE-2026-24581	2 Wordpress, Wpswings	2 Wordpress, Points And Rewards For Woocommerce	2026-01-26	5.4 Medium
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Points and Rewards for WooCommerce: from n/a through <= 2.9.5.
CVE-2026-24580	2 Lightspeedhq, Wordpress	2 Ecwid Ecommerce Shopping Cart, Wordpress	2026-01-26	4.3 Medium
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.

« first previous Page 22 of 480. next last »