Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11973 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39609	2 Wava.co, Wordpress	2 Wava Payment, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0.3.7.
CVE-2026-39622	2 Acmethemes, Wordpress	2 Education Base, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through <= 3.0.8.
CVE-2026-39617	2 Priyanshumittal, Wordpress	2 Bluestreet, Wordpress	2026-04-24	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through <= 1.7.3.
CVE-2026-39624	2 Kutethemes, Wordpress	2 Biolife, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3.
CVE-2026-39618	2 Themearile, Wordpress	2 Newsexo, Wordpress	2026-04-24	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through <= 7.1.
CVE-2026-39605	2 Obadiah, Wordpress	2 Super Custom Login, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from n/a through <= 1.1.
CVE-2026-39628	2 Kutethemes, Wordpress	2 Dukamarket, Wordpress	2026-04-24	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <= 1.3.0.
CVE-2026-39604	2 Wordpress, Zookatron	2 Wordpress, Mybooktable Bookstore	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through <= 3.6.0.
CVE-2026-39619	2 Priyanshumittal, Wordpress	2 Busiprof, Wordpress	2026-04-24	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through <= 2.5.2.
CVE-2026-39607	2 Wordpress, Wpbens	2 Wordpress, Filter Plus	2026-04-24	5.4 Medium
Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.17.
CVE-2026-39626	2 Kutethemes, Wordpress	2 Armania, Wordpress	2026-04-24	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8.
CVE-2026-39620	2 Priyanshumittal, Wordpress	2 Appointment, Wordpress	2026-04-24	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through <= 3.5.5.
CVE-2026-39623	2 Kutethemes, Wordpress	2 Biolife, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects Biolife: from n/a through <= 3.2.3.
CVE-2026-39612	2 Kutethemes, Wordpress	2 Kuteshop, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.
CVE-2026-39613	2 Kutethemes, Wordpress	2 Boutique, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through <= 2.3.3.
CVE-2026-39616	2 Dfactory, Wordpress	2 Download Attachments, Wordpress	2026-04-24	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Attachments: from n/a through <= 1.4.0.
CVE-2026-39611	2 Kutethemes, Wordpress	2 Kuteshop, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects KuteShop: from n/a through <= 4.2.9.
CVE-2026-39614	2 Ilghera, Wordpress	2 Jw Player For Wordpress, Wordpress	2026-04-24	5.4 Medium
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.
CVE-2026-39610	2 Pankaj Kumar, Wordpress	2 Wpxmas-snow, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= 1.1.
CVE-2026-39615	2 Shahjada, Wordpress	2 Download Manager, Wordpress	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: from n/a through <= 3.3.53.

« first previous Page 42 of 599. next last »