Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 12022 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69298	2 Ghostpool, Wordpress	2 Gauge, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4.
CVE-2025-69303	2 Modeltheme, Wordpress	2 Modeltheme Framework, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framework: from n/a through < 2.0.0.
CVE-2025-69373	2 Beeteam368, Wordpress	2 Vidorev, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7.
CVE-2026-22471	2 Maximsecudeal, Wordpress	2 Secudeal Payments For Ecommerce, Wordpress	2026-04-24	8.8 High
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1.
CVE-2025-69393	2 Jthemes, Wordpress	2 Exzo, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through <= 1.2.4.
CVE-2025-69394	2 Cnvrse, Wordpress	2 Cnvrse, Wordpress	2026-04-24	7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through < 026.02.10.20.
CVE-2025-69401	2 Mdalabar, Wordpress	2 Wooodt Lite, Wordpress	2026-04-24	7.5 High
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.
CVE-2026-22341	2 Case-themes, Wordpress	2 Booked, Wordpress	2026-04-24	6.7 Medium
Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse.This issue affects Booked: from n/a through <= 3.0.0.
CVE-2026-22350	2 Add-ons.org, Wordpress	2 Pdf For Elementor Forms + Drag And Drop Template Builder, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through <= 6.3.1.
CVE-2026-22351	2 Marcus (aka @msykes), Wordpress	2 Wp Fullcalendar, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through <= 1.6.
CVE-2026-22365	2 Axiomthemes, Wordpress	2 Soleng, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through <= 1.0.5.
CVE-2026-22383	2 Mikado-themes, Wordpress	2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress	2026-04-24	7.5 High
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
CVE-2026-22384	2 Leafcolor, Wordpress	2 Applay - Shortcodes, Wordpress	2026-04-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7.
CVE-2026-28083	2 Uxthemes, Wordpress	2 Flatsome, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.20.5.
CVE-2025-69340	2 Buddhathemes, Wordpress	2 Wedesigntech Ultimate Booking Addon, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3.
CVE-2026-22389	2 Mikado-themes, Wordpress	2 Cocco, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 2.0.
CVE-2026-22403	2 Mikado-themes, Wordpress	2 Innovio, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Innovio innovio allows PHP Local File Inclusion.This issue affects Innovio: from n/a through <= 1.9.
CVE-2026-22459	2 Blend Media, Wordpress	2 Wordpress Cta, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through <= 2.1.2.
CVE-2026-22397	2 Mikado-themes, Wordpress	2 Fleur, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through <= 2.2.1.
CVE-2026-22494	2 Themerex, Wordpress	2 Good Homes, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through <= 1.3.13.

« first previous Page 105 of 602. next last »