Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7115 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-53207	1 Wordpress	1 Wordpress	2025-08-21	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg Blocks allows PHP Local File Inclusion. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.9.0.
CVE-2025-53577	1 Wordpress	1 Wordpress	2025-08-21	10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS allows Remote Code Inclusion. This issue affects Global DNS: from n/a through 3.1.0.
CVE-2025-54019	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Code Injection. This issue affects Alone: from n/a through n/a.
CVE-2025-54670	2 Bobbingwide, Wordpress	2 Oik, Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2.
CVE-2025-48168	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player allows Reflected XSS. This issue affects Apollo - Sticky Full Width HTML5 Audio Player: from n/a through 3.4.
CVE-2025-48151	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations allows Reflected XSS. This issue affects CM Map Locations: from n/a through 2.1.6.
CVE-2025-53208	1 Wordpress	1 Wordpress	2025-08-21	7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Maya Business: from n/a through 1.2.0.
CVE-2025-53226	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Comments Capcha Box allows Reflected XSS. This issue affects Comments Capcha Box: from n/a through 1.1.
CVE-2025-49894	1 Wordpress	1 Wordpress	2025-08-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rewish WP Emmet allows Stored XSS. This issue affects WP Emmet: from n/a through 0.3.4.
CVE-2025-48142	1 Wordpress	1 Wordpress	2025-08-21	8.8 High
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify allows Privilege Escalation. This issue affects Bookify: from n/a through 1.0.9.
CVE-2025-49436	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thiudis Custom Menu allows Stored XSS. This issue affects Custom Menu: from n/a through 1.8.
CVE-2025-53563	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider allows Reflected XSS. This issue affects Youtube Vimeo Video Player and Slider: from n/a through 3.8.
CVE-2025-53560	1 Wordpress	1 Wordpress	2025-08-21	8.8 High
Deserialization of Untrusted Data vulnerability in rascals Noisa allows Object Injection. This issue affects Noisa: from n/a through 2.6.0.
CVE-2025-54028	1 Wordpress	1 Wordpress	2025-08-21	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team Tobias CF7 WOW Styler allows PHP Local File Inclusion. This issue affects CF7 WOW Styler: from n/a through 1.7.2.
CVE-2025-49424	1 Wordpress	1 Wordpress	2025-08-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in diego.benna Essential Doo Components for Visual Composer allows DOM-Based XSS. This issue affects Essential Doo Components for Visual Composer: from n/a through 1.9.
CVE-2025-53212	1 Wordpress	1 Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player With Bottom Playlist allows Reflected XSS. This issue affects Revolution Video Player With Bottom Playlist: from n/a through 2.9.2.
CVE-2025-49381	1 Wordpress	1 Wordpress	2025-08-21	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect allows Cross Site Request Forgery. This issue affects ads.txt Guru Connect: from n/a through 1.1.1.
CVE-2025-48297	2 Quantumcloud, Wordpress	2 Simple Link Directory, Wordpress	2025-08-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quantumcloud Simple Link Directory allows Reflected XSS. This issue affects Simple Link Directory: from n/a through n/a.
CVE-2025-53565	2 Radiustheme, Wordpress	2 Widget For Google Reviews, Wordpress	2025-08-21	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews allows PHP Local File Inclusion. This issue affects Widget for Google Reviews: from n/a through 1.0.15.
CVE-2025-54017	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2025-08-21	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions allows PHP Local File Inclusion. This issue affects Paid Member Subscriptions: from n/a through 2.15.4.

« first previous Page 107 of 356. next last »