Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 7115 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-48310	2 Wordpress, Wptableeditor	2 Wordpress, Table Editor	2025-08-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor allows Cross Site Request Forgery. This issue affects Table Editor: from n/a through 1.6.4.
CVE-2025-48325	1 Wordpress	1 Wordpress	2025-08-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through 1.0.
CVE-2025-48348	1 Wordpress	1 Wordpress	2025-08-29	4.3 Medium
Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Offline: from n/a through 1.5.7.
CVE-2025-58196	2 Uicore, Wordpress	2 Elements, Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements allows Stored XSS. This issue affects UiCore Elements: from n/a through 1.3.4.
CVE-2025-48359	1 Wordpress	1 Wordpress	2025-08-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget allows Stored XSS. This issue affects ATT YouTube Widget: from n/a through 1.0.
CVE-2025-48316	1 Wordpress	1 Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ItayXD Responsive Mobile-Friendly Tooltip allows Stored XSS. This issue affects Responsive Mobile-Friendly Tooltip: from n/a through 1.6.6.
CVE-2025-48312	1 Wordpress	1 Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 文派翻译（WP Chinese Translation） WPAvatar allows Stored XSS. This issue affects WPAvatar: from n/a through 1.9.3.
CVE-2025-48356	1 Wordpress	1 Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Isra Kanpress allows Stored XSS. This issue affects Kanpress: from n/a through 1.1.
CVE-2025-48305	1 Wordpress	1 Wordpress	2025-08-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6.
CVE-2025-48314	1 Wordpress	1 Wordpress	2025-08-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salubrio Add Code To Head allows Stored XSS. This issue affects Add Code To Head: from n/a through 1.17.
CVE-2025-48320	1 Wordpress	1 Wordpress	2025-08-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6.
CVE-2025-58212	2 Epeken, Wordpress	2 All Kurir, Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1.
CVE-2025-58211	2 Alexvtn, Wordpress	2 Chatbox Manager, Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6.
CVE-2025-58205	2 Elementinvader, Wordpress	2 Elementinvader Addons For Elementor, Wordpress	2025-08-29	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.6.
CVE-2025-58203	2 Solacewp, Wordpress	2 Solace Extra, Wordpress	2025-08-29	4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2.
CVE-2025-58202	2 Pluginsandsnippets, Wordpress	2 Simple Page Access Restriction, Wordpress	2025-08-29	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32.
CVE-2025-58198	2 Wordpress, Xpro	2 Wordpress, Theme Builder	2025-08-29	6.5 Medium
Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.9.
CVE-2025-48323	1 Wordpress	1 Wordpress	2025-08-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Abunaser Khan Advance Food Menu allows Stored XSS. This issue affects Advance Food Menu: from n/a through 1.0.
CVE-2025-48327	1 Wordpress	1 Wordpress	2025-08-29	5.3 Medium
Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7.
CVE-2025-48311	1 Wordpress	1 Wordpress	2025-08-29	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0.

« first previous Page 99 of 356. next last »