Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7535 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-6085	1 Wordpress	1 Wordpress	2025-09-04	7.2 High
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2025-58593	2 Themeisle, Wordpress	2 Orbit Fox, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.
CVE-2025-58594	2 Brizy, Wordpress	2 Brizy, Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in themefusecom Brizy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Brizy: from n/a through 2.7.12.
CVE-2025-58596	2 Mailoptin, Wordpress	2 Mailoptin, Wordpress	2025-09-04	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.
CVE-2025-58597	1 Wordpress	1 Wordpress	2025-09-04	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 2.4.6.
CVE-2025-58600	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through 2.15.9.
CVE-2025-9519	1 Wordpress	1 Wordpress	2025-09-04	7.2 High
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server.
CVE-2025-9616	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset cookie time settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-58607	2 Gdprinfo, Wordpress	2 Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GDPR Info Cookie Notice & Consent Banner for GDPR & CCPA Compliance allows Stored XSS. This issue affects Cookie Notice & Consent Banner for GDPR & CCPA Compliance: from n/a through 1.7.11.
CVE-2025-58608	1 Wordpress	1 Wordpress	2025-09-04	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuddyDev MediaPress allows PHP Local File Inclusion. This issue affects MediaPress: from n/a through 1.5.9.1.
CVE-2025-58609	1 Wordpress	1 Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iulia Cazan Latest Post Shortcode allows Stored XSS. This issue affects Latest Post Shortcode: from n/a through 14.0.3.
CVE-2025-58610	2 Wordpress, Wpchill	2 Wordpress, Gallery Photoblocks	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks allows Stored XSS. This issue affects Gallery PhotoBlocks: from n/a through 1.3.1.
CVE-2025-58613	1 Wordpress	1 Wordpress	2025-09-04	5.3 Medium
Missing Authorization vulnerability in Barn2 Plugins Posts Table with Search & Sort allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Posts Table with Search & Sort: from n/a through 1.4.10.
CVE-2025-58617	1 Wordpress	1 Wordpress	2025-09-04	4.3 Medium
Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects F4 Media Taxonomies: from n/a through 1.1.4.
CVE-2025-58618	2 Jonathanjernigan, Wordpress	2 Pie Calendar, Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Jernigan Pie Calendar allows DOM-Based XSS. This issue affects Pie Calendar: from n/a through 1.2.8.
CVE-2025-58620	2 Wordpress, Wpforms	2 Wordpress, Wpforms	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org PDF for WPForms allows Stored XSS. This issue affects PDF for WPForms: from n/a through 6.2.1.
CVE-2025-58624	1 Wordpress	1 Wordpress	2025-09-04	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates allows Stored XSS. This issue affects Exchange Rates: from n/a through 1.2.5.
CVE-2025-58625	2 Spiffyplugins, Wordpress	2 Wp Flow Plus, Wordpress	2025-09-04	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a through 5.2.5.
CVE-2025-58630	2 Rbaer, Wordpress	2 Simple Matomo Tracking Code Plugin, Wordpress	2025-09-04	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code allows Stored XSS. This issue affects Simple Matomo Tracking Code: from n/a through 1.1.0.
CVE-2025-58631	2 Wordpress, Zeen101	2 Wordpress, Issuem Plugin	2025-09-04	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 IssueM allows DOM-Based XSS. This issue affects IssueM: from n/a through 2.9.0.

« first previous Page 112 of 377. next last »