Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11916 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39631	2 Ronik@unlimitedwp, Wordpress	2 Wpschoolpress, Wordpress	2026-04-24	4.9 Medium
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.
CVE-2026-39650	2 Unitech Web, Wordpress	2 Unitechpay, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: from n/a through <= 1.0.2.
CVE-2026-39668	2 G5theme, Wordpress	2 Book Previewer For Woocommerce, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6.
CVE-2026-39671	2 Dotstore, Wordpress	2 Extra Fees Plugin For Woocommerce, Wordpress	2026-04-24	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3.
CVE-2026-39663	2 Themetechmount, Wordpress	2 Truebooker, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.5.
CVE-2026-39682	2 Arjan Pronk, Wordpress	2 Linkpizza-manager, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: from n/a through <= 5.5.5.
CVE-2026-39681	2 Apustheme, Wordpress	2 Homeo, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through <= 1.2.59.
CVE-2026-39680	2 Mwp Development, Wordpress	2 Diet Calorie Calculator, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet Calorie Calculator: from n/a through <= 1.1.1.
CVE-2026-39677	2 Creatives Planet, Wordpress	2 Emphires, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Emphires emphires allows PHP Local File Inclusion.This issue affects Emphires: from n/a through <= 3.9.
CVE-2026-39676	2 Shahjada, Wordpress	2 Download Manager, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52.
CVE-2026-39673	2 Shrikantkale, Wordpress	2 Izooto, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20.
CVE-2026-39670	2 Brecht, Wordpress	2 Visual Link Preview, Wordpress	2026-04-24	6 Medium
Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.
CVE-2026-39667	2 Jongmyoung Kim, Wordpress	2 Korea Sns, Wordpress	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through <= 1.7.0.
CVE-2026-39665	2 Vladimir Prelovac, Wordpress	2 Seo Friendly Images, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friendly Images: from n/a through <= 3.0.5.
CVE-2026-39664	2 Leadrebel, Wordpress	2 Leadrebel, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.
CVE-2026-39662	2 Prowcplugins, Wordpress	2 Product Price By Formula For Woocommerce, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through <= 2.5.6.
CVE-2026-39660	2 Automattic, Wordpress	2 Wp Job Manager, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.1.
CVE-2026-39656	2 Razorpay, Wordpress	2 Razorpay For Woocommerce, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerce: from n/a through <= 4.8.2.
CVE-2026-39679	2 Apustheme, Wordpress	2 Freeio, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through <= 1.3.21.
CVE-2026-39678	2 Dotonpaper, Wordpress	2 Pinpoint Booking System, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through <= 2.9.9.6.5.

« first previous Page 86 of 596. next last »