Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11930 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24369	2 Theme-one, Wordpress	2 The Grid, Wordpress	2026-04-24	7.1 High
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2026-22511	2 Elated-themes, Wordpress	2 Neobeat, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through <= 1.2.
CVE-2026-25357	2 Azzaroco, Wordpress	2 Ultimate Membership Pro, Wordpress	2026-04-24	8.1 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro: from n/a through <= 13.7.
CVE-2026-25371	2 King-theme, Wordpress	2 Lumise Product Designer, Wordpress	2026-04-24	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through < 2.0.9.
CVE-2026-24362	2 Bdthemes, Wordpress	2 Ultimate Post Kit, Wordpress	2026-04-24	6.4 Medium
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21.
CVE-2026-22484	2 Pebas, Wordpress	2 Lisfinity Core, Wordpress	2026-04-24	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through <= 1.5.0.
CVE-2026-22448	2 Flexcubed, Wordpress	2 Pitchprint, Wordpress	2026-04-24	7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in flexcubed PitchPrint pitchprint allows Path Traversal.This issue affects PitchPrint: from n/a through <= 11.1.2.
CVE-2026-22491	2 Wordpress, Wphocus	2 Wordpress, My Auctions Allegro	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.35.
CVE-2026-23977	2 Wordpress, Wpfactory	2 Wordpress, Helpdesk Support Ticket System For Woocommerce	2026-04-24	7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-23807	2 Wordpress, Wpsocio	2 Wordpress, Wp Telegram Widget And Join Link	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.13.
CVE-2026-22496	2 Ancorathemes, Wordpress	2 Hypnotherapy, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through <= 1.2.10.
CVE-2026-22498	2 Elated-themes, Wordpress	2 Laurent, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
CVE-2026-24976	2 Nootheme, Wordpress	2 Organici Library, Wordpress	2026-04-24	8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2.
CVE-2026-22500	2 Axiomthemes, Wordpress	2 M2 \| Construction And Tools Store, Wordpress	2026-04-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes m2 \| Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 \| Construction and Tools Store: from n/a through <= 1.1.2.
CVE-2026-23806	2 Blueglass Interactive Ag, Wordpress	2 Jobs For Wordpress, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8.
CVE-2026-22502	2 Ancorathemes, Wordpress	2 Mr. Cobbler, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through <= 1.1.9.
CVE-2026-22504	2 Themerex, Wordpress	2 Prolingua, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12.
CVE-2026-22512	2 Elated-themes, Wordpress	2 Roisin, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through <= 1.2.1.
CVE-2026-22513	2 Ancorathemes, Wordpress	2 Triompher, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue affects Triompher: from n/a through <= 1.1.0.
CVE-2026-24370	2 Theme-one, Wordpress	2 The Grid, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8.0.

« first previous Page 112 of 597. next last »