Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11973 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39706	2 Netro Systems, Wordpress	2 Make My Trivia, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through <= 1.1.0.
CVE-2026-39698	2 Publisherdesk, Wordpress	2 The Publisher Desk Ads.txt, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Publisher Desk ads.txt: from n/a through <= 1.5.0.
CVE-2026-39689	2 Eshipper, Wordpress	2 Eshipper Commerce, Wordpress	2026-04-24	N/A
Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n/a through <= 2.16.12.
CVE-2026-39691	2 Adastracrypto, Wordpress	2 Cryptocurrency Donation Box – Bitcoin & Crypto Donations, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Donation Box – Bitcoin & Crypto Donations: from n/a through <= 2.2.13.
CVE-2026-39696	2 Elfsight, Wordpress	2 Elfsight Whatsapp Chat Cc, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through <= 1.2.0.
CVE-2026-39685	2 Lvaudore, Wordpress	2 The Moneytizer, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through <= 10.0.10.
CVE-2026-39707	2 Wordpress, Zealousweb	2 Wordpress, Accept Paypal Payments Using Contact Form 7	2026-04-24	5.3 Medium
Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept PayPal Payments using Contact Form 7: from n/a through <= 4.0.4.
CVE-2026-39686	2 Bannersky, Wordpress	2 Bsk Pdf Manager, Wordpress	2026-04-24	N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
CVE-2026-39704	2 Nfusionsolutions, Wordpress	2 Precious Metals Automated Product Pricing – Pro, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/a through <= 4.0.5.
CVE-2026-39690	2 Bearne, Wordpress	2 Author Avatars List/block, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through <= 2.1.25.
CVE-2026-39692	2 Tagdiv, Wordpress	2 Tagdiv Composer, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.3.
CVE-2026-39693	2 Fesomia, Wordpress	2 Fsm Custom Featured Image Caption, Wordpress	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.This issue affects FSM Custom Featured Image Caption: from n/a through <= 1.25.1.
CVE-2026-39694	2 Nsquared, Wordpress	2 Simply Schedule Appointments, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.10.2.
CVE-2026-39701	2 Andrew, Wordpress	2 Shopwp, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.
CVE-2026-39683	2 Chief Gnome, Wordpress	2 Garden Gnome Package, Wordpress	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Garden Gnome Package: from n/a through <= 2.4.1.
CVE-2026-39699	2 Massiveshift, Wordpress	2 Ai Workflow Automation, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Workflow Automation: from n/a through <= 1.4.2.
CVE-2026-39697	2 Hbss Technologies, Wordpress	2 Maio – The New Ai Geo / Seo Tool, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAIO – The new AI GEO / SEO tool: from n/a through <= 6.2.8.
CVE-2026-2481	2 Beaverbuilder, Wordpress	2 Beaver Builder Page Builder – Drag And Drop Website Builder, Wordpress	2026-04-24	6.4 Medium
The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings[js]' parameter in versions up to, and including, 2.10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2026-39716	2 Ckthemes, Wordpress	2 Flipmart, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8.
CVE-2026-39713	2 Mailercloud, Wordpress	2 Mailercloud – Integrate Webforms And Synchronize Website Contacts, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7.

« first previous Page 46 of 599. next last »