Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 12022 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25397	2 Snowray Software, Wordpress	2 File Uploader For Woocommerce, Wordpress	2026-04-24	7.5 High
Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n/a through <= 1.0.4.
CVE-2026-25454	2 Mvpthemes, Wordpress	2 The League, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through <= 4.4.1.
CVE-2026-25447	2 Jonathan Daggerhart, Wordpress	2 Widget Wrangler, Wordpress	2026-04-24	9.1 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9.
CVE-2026-25437	2 Wordpress, سید محمدامین هاشمی	2 Wordpress, Gzseo	2026-04-24	6.5 Medium
Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GZSEO: from n/a through <= 2.0.14.
CVE-2026-25460	2 Liquidthemes, Wordpress	2 Ave Core, Wordpress	2026-04-24	6.3 Medium
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.
CVE-2026-25462	2 Avalex, Wordpress	2 Avalex, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3.
CVE-2026-25390	2 Saad Iqbal, Wordpress	2 New User Approve, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.3.
CVE-2026-31914	2 Hookandhook, Wordpress	2 Wp Courses Lms, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS.This issue affects WP Courses LMS: from n/a through <= 3.2.26.
CVE-2026-32489	2 Bplugins, Wordpress	2 B Blocks, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.
CVE-2026-32491	2 Jgwhite33, Wordpress	2 Wp Review Slider, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through <= 13.9.
CVE-2026-32494	2 Ays-pro, Wordpress	2 Image Slider, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1.
CVE-2026-32495	2 Linksoftwarellc, Wordpress	2 Wp Terms Popup, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from n/a through <= 2.10.0.
CVE-2026-32500	2 Creativews, Wordpress	2 Metamax, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through <= 1.1.4.
CVE-2026-32517	2 Kleor, Wordpress	2 Contact Manager, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: from n/a through <= 9.1.
CVE-2026-32519	2 Bitapps, Wordpress	2 Bit Smtp, Wordpress	2026-04-24	9 Critical
Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2.
CVE-2026-32524	2 Jordy Meow, Wordpress	2 Photo Engine, Wordpress	2026-04-24	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow Photo Engine wplr-sync allows Upload a Web Shell to a Web Server.This issue affects Photo Engine: from n/a through <= 6.4.9.
CVE-2026-32526	2 Villatheme, Wordpress	2 Abandoned Cart Recovery For Woocommerce, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.10.
CVE-2026-32528	2 Don-themes, Wordpress	2 Riode, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.
CVE-2026-32529	2 Don-themes, Wordpress	2 Molla, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.
CVE-2026-32532	2 Themehunk, Wordpress	2 Contact Form & Lead Form Elementor Builder, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0.1.

« first previous Page 110 of 602. next last »