Wordpress - Wordpress CVE

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Total 8397 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-13071	1 Wordpress	1 Wordpress	2025-12-11	7.1 High
The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2025-13070	1 Wordpress	1 Wordpress	2025-12-11	6.6 Medium
The CSV to SortTable WordPress plugin through 4.2 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as contributor to perform LFI attacks.
CVE-2025-62102	2 Apasionados, Wordpress	2 Dofollow Case By Case, Wordpress	2025-12-11	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1.
CVE-2025-62100	1 Wordpress	1 Wordpress	2025-12-11	5.3 Medium
Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9.
CVE-2025-62090	2 Jegstudio, Wordpress	3 Gutenverse, Gutenverse News, Wordpress	2025-12-11	6.5 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons gutenverse-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons: from n/a through <= 3.0.2.
CVE-2025-62086	1 Wordpress	1 Wordpress	2025-12-11	5.4 Medium
Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxberry): from n/a through <= 2.32.
CVE-2025-62085	2 Bertha, Wordpress	2 Bertha Ai, Wordpress	2025-12-11	5.3 Medium
Missing Authorization vulnerability in berthaai BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
CVE-2025-67549	2 Bobbingwide, Wordpress	2 Oik, Wordpress	2025-12-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3.
CVE-2025-63028	1 Wordpress	1 Wordpress	2025-12-11	5.3 Medium
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.
CVE-2025-63015	3 Paysera, Woocommerce, Wordpress	3 Woocommerce Payment Gateway, Woocommerce, Wordpress	2025-12-11	4.3 Medium
Missing Authorization vulnerability in paysera WooCommerce Payment Gateway – Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway – Paysera: from n/a through <= 3.9.0.
CVE-2025-63007	2 Metagauss, Wordpress	2 Eventprime, Wordpress	2025-12-11	4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1.
CVE-2025-62103	2 Wordpress, Wpmediadownload	2 Wordpress, Media Library File Download	2025-12-11	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery.This issue affects Media Library File Download: from n/a through <= 1.4.
CVE-2025-67571	2 Getwpfunnels, Wordpress	2 Wpfunnels, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2.
CVE-2025-67570	2 Westerndeal, Wordpress	2 Wpforms Google Sheet Connector, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in GSheetConnector by WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0.
CVE-2025-67569	2 Scriptsbundle, Wordpress	2 Adforest, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11.
CVE-2025-67568	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1.
CVE-2025-67557	2 Rhys Wynne, Wordpress	2 Wp Ebay Product Feeds, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Stored XSS.This issue affects WP eBay Product Feeds: from n/a through <= 3.4.9.
CVE-2025-67556	1 Wordpress	1 Wordpress	2025-12-10	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows Stored XSS.This issue affects Advanced FAQ Manager: from n/a through <= 1.5.2.
CVE-2025-67555	1 Wordpress	1 Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict UseStrict's Calendly Embedder cal-embedder-lite allows Stored XSS.This issue affects UseStrict's Calendly Embedder: from n/a through <= 1.1.7.2.
CVE-2025-67554	2 Hu-manity, Wordpress	2 Cookie Notice & Compliance For Gdpr / Ccpa, Wordpress	2025-12-10	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Humanityco Cookie Notice & Compliance for GDPR / CCPA cookie-notice allows Stored XSS.This issue affects Cookie Notice & Compliance for GDPR / CCPA: from n/a through <= 2.5.8.

« first previous Page 41 of 420. next last »