Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 10743 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68025	2 Addonify, Wordpress	2 Addonify Floating Cart For Woocommerce, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through <= 1.2.17.
CVE-2025-68023	2 Addonify, Wordpress	2 Addonify – Compare Products For Woocommerce, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through <= 1.1.17.
CVE-2025-68021	2 Conveythis, Wordpress	2 Conveythis, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through <= 269.5.
CVE-2025-68002	2 100plugins, Wordpress	2 Open User Map, Wordpress	2026-02-25	6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a through <= 1.4.16.
CVE-2025-67994	2 Wordpress, Yaycommerce	2 Wordpress, Yaycurrency	2026-02-25	7.5 High
Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3.
CVE-2025-67975	2 Adirectory, Wordpress	2 Adirectory, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in aDirectory aDirectory adirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects aDirectory: from n/a through <= 3.0.3.
CVE-2025-52744	2 Inpersttion, Wordpress	2 Inpersttion For Theme, Wordpress	2026-02-25	7.6 High
Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0.
CVE-2025-68048	2 Wordpress, Xlplugins	2 Wordpress, Nextmove	2026-02-25	7.5 High
Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.
CVE-2025-68042	2 Travelpayouts, Wordpress	2 Travelpayouts, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a through <= 1.2.1.
CVE-2025-68032	2 Passionate Brains, Wordpress	2 Advanced Wc Analytics, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced WC Analytics: from n/a through <= 3.19.0.
CVE-2025-68028	2 Passionate Brains, Wordpress	2 Ga4wp: Google Analytics For Wordpress, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.
CVE-2025-68549	2 Wordpress, Zozothemes	2 Wordpress, Wiguard	2026-02-25	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1.
CVE-2025-68514	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2026-02-25	6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8.
CVE-2025-68051	2 Shiprocket, Wordpress	2 Shiprocket, Wordpress	2026-02-25	7.4 High
Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8.
CVE-2026-2385	2 Posimyththemes, Wordpress	2 The Plus Addons For Elementor – Addons For Elementor, Page Templates, Widgets, Mega Menu, Woocommerce, Wordpress	2026-02-25	5.3 Medium
The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.4.7. This is due to the plugin decrypting and trusting attacker-controlled email_data in an unauthenticated AJAX handler without cryptographic authenticity guarantees. This makes it possible for unauthenticated attackers to tamper with form email routing and redirection values to trigger unauthorized email relay and attacker-controlled redirection via the 'email_data' parameter.
CVE-2025-69401	2 Mdalabar, Wordpress	2 Wooodt Lite, Wordpress	2026-02-25	7.5 High
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through <= 2.5.2.
CVE-2025-68855	2 Themeglow, Wordpress	2 Jobboard Job Listing, Wordpress	2026-02-25	5.9 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from n/a through <= 1.2.8.
CVE-2025-68837	2 Elextensions, Wordpress	2 Elex Wordpress Helpdesk & Customer Ticketing System, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System elex-helpdesk-customer-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a through <= 3.3.5.
CVE-2025-68564	2 Sendy, Wordpress	2 Sendy, Wordpress	2026-02-25	6.5 Medium
Missing Authorization vulnerability in sendy Sendy sendy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendy: from n/a through <= 3.4.2.
CVE-2024-50452	2 Posimyth, Wordpress	2 Nexter Blocks, Wordpress	2026-02-25	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Nexter Blocks: from n/a through <= 3.3.3.

« first previous Page 21 of 538. next last »