Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 6704 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62925	2 Conversios, Wordpress	2 Conversios.io, Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.10.
CVE-2025-62956	1 Wordpress	1 Wordpress	2025-10-27	N/A
Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through <= 2.0.1.
CVE-2025-62919	1 Wordpress	1 Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.2.
CVE-2025-62927	1 Wordpress	1 Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through <= 4.0.5.
CVE-2025-62944	1 Wordpress	1 Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: from n/a through <= 1.4.
CVE-2025-62908	1 Wordpress	1 Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Podlove Web Player: from n/a through <= 5.9.1.
CVE-2025-62953	2 Welcart, Wordpress	2 E-commerce, Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through <= 2.11.24.
CVE-2025-62941	1 Wordpress	1 Wordpress	2025-10-27	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Events Maker by dFactory events-maker allows Stored XSS.This issue affects Events Maker by dFactory: from n/a through <= 1.6.14.
CVE-2025-62918	1 Wordpress	1 Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IgnitionDeck: from n/a through <= 2.0.10.
CVE-2025-62912	2 Siteground, Wordpress	2 Email-marketing, Wordpress	2025-10-27	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through <= 1.7.1.
CVE-2025-48088	2 Brainstormforce, Wordpress	2 Ultimate Addons For Wpbakery Page Builder, Wordpress	2025-10-27	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.1.
CVE-2025-62897	1 Wordpress	1 Wordpress	2025-10-27	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through <= 10.1.1.
CVE-2025-62929	2 Pluginops, Wordpress	2 Testimonial Slider, Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
CVE-2025-62954	2 Revive, Wordpress	2 Revive Old Posts, Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in Codeinwp Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through <= 9.3.3.
CVE-2025-62952	2 Quantumcloud, Wordpress	2 Chatbot, Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.3.0.
CVE-2025-62946	2 Everestthemes, Wordpress	2 Everest Backup, Wordpress	2025-10-27	N/A
Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8.
CVE-2025-62970	2 Spencer Haws, Wordpress	2 Link Whisper Free, Wordpress	2025-10-27	5.3 Medium
Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through <= 0.8.8.
CVE-2025-62904	1 Wordpress	1 Wordpress	2025-10-27	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson WP Geo wp-geo allows Stored XSS.This issue affects WP Geo: from n/a through <= 3.5.1.
CVE-2025-62933	1 Wordpress	1 Wordpress	2025-10-27	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.
CVE-2025-62911	2 Rockcontent, Wordpress	2 Rock Convert, Wordpress	2025-10-27	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Content Rock Convert rock-convert allows Stored XSS.This issue affects Rock Convert: from n/a through <= 3.0.1.

« first previous Page 5 of 336. next last »