Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 12022 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22498	2 Elated-themes, Wordpress	2 Laurent, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.
CVE-2026-22500	2 Axiomthemes, Wordpress	2 M2 \| Construction And Tools Store, Wordpress	2026-04-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes m2 \| Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 \| Construction and Tools Store: from n/a through <= 1.1.2.
CVE-2026-23806	2 Blueglass Interactive Ag, Wordpress	2 Jobs For Wordpress, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for WordPress: from n/a through <= 2.8.
CVE-2026-23807	2 Wordpress, Wpsocio	2 Wordpress, Wp Telegram Widget And Join Link	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.13.
CVE-2026-23977	2 Wordpress, Wpfactory	2 Wordpress, Helpdesk Support Ticket System For Woocommerce	2026-04-24	7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-24362	2 Bdthemes, Wordpress	2 Ultimate Post Kit, Wordpress	2026-04-24	6.4 Medium
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through <= 4.0.21.
CVE-2026-24370	2 Theme-one, Wordpress	2 The Grid, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8.0.
CVE-2026-24391	2 Thememakers, Wordpress	2 Car Dealer, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a through <= 1.6.7.
CVE-2026-22510	2 Ancorathemes, Wordpress	2 Melody, Wordpress	2026-04-24	8.1 High
Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through <= 1.6.3.
CVE-2026-24964	2 Wasiliy Strecker / Contestgallery Developer, Wordpress	2 Contest Gallery, Wordpress	2026-04-24	6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: from n/a through <= 28.1.2.1.
CVE-2026-24971	2 Elated-themes, Wordpress	2 Search And Go Theme, Wordpress	2026-04-24	9.8 Critical
Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.
CVE-2026-24972	2 Elated-themes, Wordpress	2 Elated Listing, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through <= 1.4.
CVE-2026-24974	2 Nootheme, Wordpress	2 Citilights, Wordpress	2026-04-24	8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1.
CVE-2026-24976	2 Nootheme, Wordpress	2 Organici Library, Wordpress	2026-04-24	8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2.
CVE-2026-24977	2 Nootheme, Wordpress	2 Organici Library, Wordpress	2026-04-24	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through <= 2.1.2.
CVE-2026-24979	2 Nootheme, Wordpress	2 Jobica Core, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Jobica Core jobica-core allows Reflected XSS.This issue affects Jobica Core: from n/a through <= 1.4.1.
CVE-2026-24980	2 Nootheme, Wordpress	2 Visionary Core, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-24981	2 Nootheme, Wordpress	2 Visionary Core, Wordpress	2026-04-24	8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9.
CVE-2026-24989	2 Fantasticplugins, Wordpress	2 Sumo Affiliates Pro, Wordpress	2026-04-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection.This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0.
CVE-2026-24993	2 Wordpress, Wpfactory	2 Wordpress, Advanced Woocommerce Product Sales Reporting	2026-04-24	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3.

« first previous Page 113 of 602. next last »