Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7115 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58833	1 Wordpress	1 Wordpress	2025-09-07	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in INVELITY Invelity MyGLS connect allows Object Injection. This issue affects Invelity MyGLS connect: from n/a through 1.1.1.
CVE-2025-58872	1 Wordpress	1 Wordpress	2025-09-07	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in premiumbizthemes Simple Price Calculator allows Retrieve Embedded Sensitive Data. This issue affects Simple Price Calculator: from n/a through 1.3.
CVE-2025-58838	1 Wordpress	1 Wordpress	2025-09-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zakir Smooth Accordion allows Stored XSS. This issue affects Smooth Accordion: from n/a through 2.1.
CVE-2025-58835	1 Wordpress	1 Wordpress	2025-09-07	5.3 Medium
Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through 7.4.1.
CVE-2025-58882	1 Wordpress	1 Wordpress	2025-09-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in w1zzard Simple Text Slider allows Stored XSS. This issue affects Simple Text Slider: from n/a through 1.0.5.
CVE-2025-58844	1 Wordpress	1 Wordpress	2025-09-07	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Subhash Kumar Database to Excel allows Stored XSS. This issue affects Database to Excel: from n/a through 1.0.
CVE-2025-58799	2 Themelocation, Wordpress	2 Custom Woocommerce Checkout Fields Editor, Wordpress	2025-09-07	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.4.
CVE-2025-58798	1 Wordpress	1 Wordpress	2025-09-07	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BCM Duplicate Menu allows Cross Site Request Forgery. This issue affects BCM Duplicate Menu: from n/a through 1.1.2.
CVE-2025-58886	1 Wordpress	1 Wordpress	2025-09-07	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tan Nguyen Instant Locations allows Stored XSS. This issue affects Instant Locations: from n/a through 1.0.
CVE-2025-58854	1 Wordpress	1 Wordpress	2025-09-07	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Samer Bechara Ultimate AJAX Login allows Reflected XSS. This issue affects Ultimate AJAX Login: from n/a through 1.2.1.
CVE-2025-58871	1 Wordpress	1 Wordpress	2025-09-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luis Rock Master Paper Collapse Toggle allows Stored XSS. This issue affects Master Paper Collapse Toggle: from n/a through 1.1.
CVE-2025-58842	1 Wordpress	1 Wordpress	2025-09-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in givecloud Donation Forms WP by Givecloud allows Stored XSS. This issue affects Donation Forms WP by Givecloud: from n/a through 1.0.9.
CVE-2025-58874	2 Josepsitjar, Wordpress	2 Storymap, Wordpress	2025-09-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in josepsitjar StoryMap allows DOM-Based XSS. This issue affects StoryMap: from n/a through 2.1.
CVE-2025-58836	1 Wordpress	1 Wordpress	2025-09-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tikolan FW Anker allows Stored XSS. This issue affects FW Anker: from n/a through 1.2.6.
CVE-2025-58791	1 Wordpress	1 Wordpress	2025-09-07	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arjan Olsder SEO Auto Linker allows Stored XSS. This issue affects SEO Auto Linker: from n/a through 1.5.3.
CVE-2025-58873	1 Wordpress	1 Wordpress	2025-09-07	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pusheco Pushe Web Push Notification allows Stored XSS. This issue affects Pushe Web Push Notification: from n/a through 0.5.0.
CVE-2025-58834	1 Wordpress	1 Wordpress	2025-09-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gugu short.io allows DOM-Based XSS. This issue affects short.io: from n/a through 2.4.0.
CVE-2025-58851	1 Wordpress	1 Wordpress	2025-09-07	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Boxed Content allows Stored XSS. This issue affects Boxed Content: from n/a through 1.0.
CVE-2025-58628	1 Wordpress	1 Wordpress	2025-09-07	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous allows Blind SQL Injection. This issue affects Miraculous: from n/a through n/a.
CVE-2025-58797	1 Wordpress	1 Wordpress	2025-09-07	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through 3.3.2.

« first previous Page 89 of 356. next last »