Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 10374 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69375	2 Solverwp, Wordpress	2 Portfolio Builder, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5.
CVE-2025-69376	2 Vanquish, Wordpress	2 User Extra Fields, Wordpress	2026-02-23	N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.
CVE-2025-69377	2 Vanquish, Wordpress	2 User Extra Fields, Wordpress	2026-02-23	N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.
CVE-2025-69378	2 Wordpress, Xforwoocommerce	2 Wordpress, Product Filter For Woocommerce	2026-02-23	N/A
Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.
CVE-2025-69379	2 Vanquish, Wordpress	2 Upload Files Anywhere, Wordpress	2026-02-23	N/A
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.
CVE-2025-69381	2 Vanquish, Wordpress	2 Woocommerce Bulk Product Editor, Wordpress	2026-02-23	N/A
Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Product Editor: from n/a through <= 3.0.
CVE-2025-69382	2 Themesflat, Wordpress	2 Themesflat Addons For Elementor, Wordpress	2026-02-23	N/A
Deserialization of Untrusted Data vulnerability in themesflat Themesflat Elementor themesflat-elementor allows Object Injection.This issue affects Themesflat Elementor: from n/a through <= 1.0.1.
CVE-2025-69383	2 Agence Web Eoxia - Montpellier, Wordpress	2 Wp Shop, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1.
CVE-2025-69387	2 Whatwouldjessedo, Wordpress	2 Simple Retail Menus, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through <= 4.2.1.
CVE-2025-69394	2 Cnvrse, Wordpress	2 Cnvrse, Wordpress	2026-02-23	N/A
Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through <= 026.02.10.20.
CVE-2025-69395	2 Themerex, Wordpress	2 Gable, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gable gable allows PHP Local File Inclusion.This issue affects Gable: from n/a through <= 1.5.
CVE-2025-69396	2 Themerex, Wordpress	2 Splendour, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Splendour splendour allows PHP Local File Inclusion.This issue affects Splendour: from n/a through <= 1.23.
CVE-2025-69397	2 Themerex, Wordpress	2 Tint, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tint tint allows PHP Local File Inclusion.This issue affects Tint: from n/a through <= 1.7.
CVE-2025-69398	2 Themerex, Wordpress	2 Plank, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through <= 1.7.
CVE-2025-69399	2 Themerex, Wordpress	2 Cobble, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Cobble cobble allows PHP Local File Inclusion.This issue affects Cobble: from n/a through <= 1.7.
CVE-2025-69400	2 Themerex, Wordpress	2 Yokoo, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yokoo yokoo allows PHP Local File Inclusion.This issue affects Yokoo: from n/a through <= 1.1.11.
CVE-2025-69401	2 Mdalabar, Wordpress	2 Wooodt Lite, Wordpress	2026-02-23	N/A
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.
CVE-2025-69402	2 Themerex, Wordpress	2 R&f, Wordpress	2026-02-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX R&F rf allows PHP Local File Inclusion.This issue affects R&F: from n/a through <= 1.5.
CVE-2025-69403	2 Bravis-themes, Wordpress	2 Bravis Addons, Wordpress	2026-02-23	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through <= 1.1.9.
CVE-2025-69404	2 Themerex, Wordpress	2 Extreme Store, Wordpress	2026-02-23	N/A
Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.7.

« first previous Page 9 of 519. next last »