Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9689 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64382	2 Webtoffee, Wordpress	2 Order Export & Order Import For Woocommerce, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7.
CVE-2025-64379	3 Booster, Pluggabl, Wordpress	3 Booster For Woocommerce, Booster For Woocommerce, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.
CVE-2025-64378	1 Wordpress	1 Wordpress	2026-01-20	7.5 High
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10.
CVE-2025-64377	2 Cridio, Wordpress	2 Listingpro, Wordpress	2026-01-20	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through < 2.9.10.
CVE-2025-64376	2 Cridio, Wordpress	2 Listingpro, Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through < 2.9.10.
CVE-2025-64375	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through <= 3.20.1.
CVE-2025-64374	2 Stylemixthemes, Wordpress	2 Motors - Car Dealer, Classifieds & Listing, Wordpress	2026-01-20	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files.This issue affects Motors: from n/a through <= 5.6.81.
CVE-2025-64373	1 Wordpress	1 Wordpress	2026-01-20	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion.This issue affects Traveler: from n/a through < 3.2.6.
CVE-2025-64372	1 Wordpress	1 Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through < 3.2.6.
CVE-2025-64371	1 Wordpress	1 Wordpress	2026-01-20	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.6.
CVE-2025-64370	2 Wordpress, Yop-poll	3 Wordpress, Yop-poll, Yop Poll	2026-01-20	5.3 Medium
Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YOP Poll: from n/a through <= 6.5.38.
CVE-2025-64369	2 Codepeople, Wordpress	2 Contact Form Email, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.
CVE-2025-64368	1 Wordpress	1 Wordpress	2026-01-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6.
CVE-2025-64367	2 Groundhogg, Wordpress	2 Groundhogg, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through <= 4.2.6.
CVE-2025-64366	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2026-01-20	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection.This issue affects MasterStudy LMS: from n/a through <= 3.6.27.
CVE-2025-64364	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2026-01-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through < 4.8.126.
CVE-2025-64363	1 Wordpress	1 Wordpress	2026-01-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through < 5.5.0.
CVE-2025-64362	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through < 5.5.0.
CVE-2025-64361	2 Stylemixthemes, Wordpress	2 Consulting Elementor Widgets, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS.This issue affects Consulting Elementor Widgets: from n/a through <= 1.4.2.
CVE-2025-64360	2 Stylemixthemes, Wordpress	2 Consulting Elementor Widgets, Wordpress	2026-01-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through <= 1.4.2.

« first previous Page 67 of 485. next last »