Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11973 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-27049	2 Nootheme, Wordpress	2 Jobica Core, Wordpress	2026-04-24	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.
CVE-2026-32498	2 Metagauss, Wordpress	2 Registrationmagic, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
CVE-2026-25461	2 Purethemes, Wordpress	2 Listeo, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through <= 2.0.21.
CVE-2026-32506	2 Edge-themes, Wordpress	2 Archicon, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7.
CVE-2026-32510	2 Edge-themes, Wordpress	2 Kamperen, Wordpress	2026-04-24	5.4 Medium
Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.
CVE-2026-27054	2 Pencidesign, Wordpress	2 Penci Soledad Data Migrator, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affects Penci Soledad Data Migrator: from n/a through <= 1.3.1.
CVE-2026-32529	2 Don-themes, Wordpress	2 Molla, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.
CVE-2026-32562	2 Wordpress, Wp Folio Team	2 Wordpress, Ppwp	2026-04-24	5.4 Medium
Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15.
CVE-2026-25465	2 Codepeople, Wordpress	2 Cp Multi View Event Calendar, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.36.
CVE-2026-25460	2 Liquidthemes, Wordpress	2 Ave Core, Wordpress	2026-04-24	6.3 Medium
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.
CVE-2026-25462	2 Avalex, Wordpress	2 Avalex, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3.
CVE-2026-27087	2 G5theme, Wordpress	2 Wolverine Framework, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through <= 1.9.
CVE-2026-25383	2 Iqonic, Wordpress	2 Kivicare, Wordpress	2026-04-24	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through <= 3.6.16.
CVE-2026-25400	2 Thememount, Wordpress	2 Apicona, Wordpress	2026-04-24	8.8 High
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0.
CVE-2026-32504	2 Creativews, Wordpress	2 Vintwood, Wordpress	2026-04-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through <= 1.1.8.
CVE-2026-32489	2 Bplugins, Wordpress	2 B Blocks, Wordpress	2026-04-24	6.5 Medium
Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.
CVE-2026-32485	2 Wedevs, Wordpress	2 Wp User Frontend, Wordpress	2026-04-24	7.5 High
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through <= 4.2.8.
CVE-2026-32513	2 Miguel Useche, Wordpress	2 Js Archive List, Wordpress	2026-04-24	8.8 High
Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.
CVE-2026-32492	2 Joe Dolson, Wordpress	2 My Tickets, Wordpress	2026-04-24	5.3 Medium
Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1.
CVE-2026-32525	2 Jetmonsters, Wordpress	2 Jetformbuilder, Wordpress	2026-04-24	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1.

« first previous Page 57 of 599. next last »