Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11882 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39521	2 Nelio Software, Wordpress	2 Nelio Content, Wordpress	2026-04-24	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.
CVE-2026-39464	2 Seedprod, Wordpress	2 Coming Soon Page, Under Construction & Maintenance Mode, Wordpress	2026-04-24	5.5 Medium
Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
CVE-2026-34890	2 Mark O’donnell, Wordpress	2 Mstw League Manager, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10.
CVE-2026-34897	2 Davidlingren, Wordpress	2 Media Library Assistant, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through 3.34.
CVE-2026-39482	2 Publishpress, Wordpress	2 Post Expirator, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirator: from n/a through <= 4.9.4.
CVE-2026-39483	2 Hidekazu Ishikawa, Wordpress	2 Vk All In One Expansion Unit, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3.
CVE-2026-39487	2 Ameliabooking, Wordpress	2 Amelia, Wordpress	2026-04-24	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.1.1.
CVE-2026-39495	2 Nsquared, Wordpress	2 Simply Schedule Appointments, Wordpress	2026-04-24	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27.
CVE-2026-39469	2 Softaculous, Wordpress	2 Pagelayer, Wordpress	2026-04-24	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n/a through <= 2.0.8.
CVE-2026-39516	2 Posimyth, Wordpress	2 Nexter Blocks, Wordpress	2026-04-24	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.7.0.
CVE-2026-39488	2 Surecart, Wordpress	2 Surecart, Wordpress	2026-04-24	6.3 Medium
Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.
CVE-2026-39501	2 Realmag777, Wordpress	2 Fox, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FOX: from n/a through <= 1.4.5.
CVE-2026-39563	2 Illid, Wordpress	2 Share This Image, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.12.
CVE-2026-39569	2 Aa Web Servant, Wordpress	2 12 Step Meeting List, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.
CVE-2026-39571	2 Themefic, Wordpress	2 Instantio, Wordpress	2026-04-24	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a through <= 3.3.30.
CVE-2026-39538	2 Mikado-themes, Wordpress	2 Mikado Core, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through <= 1.6.
CVE-2026-39564	2 Sunshinephotocart, Wordpress	2 Sunshine Photo Cart, Wordpress	2026-04-24	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2.
CVE-2026-39542	2 Doofinder, Wordpress	2 Doofinder For Woocommerce, Wordpress	2026-04-24	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13.
CVE-2026-39575	2 Ronald Huereca, Wordpress	2 Custom Query Blocks, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0.
CVE-2026-39528	2 Wordpress, Wpdelicious	2 Wordpress, Wp Delicious	2026-04-24	5.3 Medium
Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.5.

« first previous Page 37 of 595. next last »