CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 9669 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-63069	1 Wordpress	1 Wordpress	2026-02-02	5.3 Medium
Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through <= 5.5.12.
CVE-2025-63059	2 Arscode, Wordpress	2 Ninja Popups, Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arscode Ninja Popups arscode-ninja-popups allows Stored XSS.This issue affects Ninja Popups: from n/a through <= 4.7.8.
CVE-2025-63066	1 Wordpress	1 Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through <= 3.6.2.
CVE-2025-63064	1 Wordpress	1 Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through <= 4.9.12.
CVE-2025-63061	2 Hogash, Wordpress	2 Kallyas, Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash Kallyas kallyas allows DOM-Based XSS.This issue affects Kallyas: from n/a through <= 4.22.0.
CVE-2025-63055	3 Elementor, Liton Arefin, Wordpress	3 Elementor, Master Addons For Elementor, Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.0.9.9.
CVE-2025-63052	2 Gallerycreator, Wordpress	2 Simply Gallery, Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.2.8.
CVE-2025-63050	1 Wordpress	1 Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through <= 19.9.8.
CVE-2025-63042	2 Themeum, Wordpress	2 Tutor Lms Elementor Addons, Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through <= 3.0.1.
CVE-2025-63037	1 Wordpress	1 Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.
CVE-2025-53427	1 Wordpress	1 Wordpress	2026-02-02	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chibueze Okechukwu SEO Pyramid seo-pyramid allows Reflected XSS.This issue affects SEO Pyramid: from n/a through <= 1.9.8.
CVE-2025-52735	2 Wordpress, Xlplugins	2 Wordpress, Nextmove	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0.
CVE-2025-52734	1 Wordpress	1 Wordpress	2026-02-02	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through <= 1.2.1.
CVE-2026-22461	2 Webappick, Wordpress	2 Ctx Feed, Wordpress	2026-01-31	5.3 Medium
Missing Authorization vulnerability in WebAppick CTX Feed webappick-product-feed-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CTX Feed: from n/a through <= 6.6.18.
CVE-2025-13001	2 Kieranoshea, Wordpress	2 Donations, Wordpress	2026-01-30	4.1 Medium
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks
CVE-2025-13000	2 Jimbob1953, Wordpress	2 Db-access, Wordpress	2026-01-30	7.7 High
The db-access WordPress plugin through 0.8.7 does not have authorization in an AJAX action, allowing any authenticated users, such as subscriber to perform SQLI attacks
CVE-2025-8889	2 Eliehanna, Wordpress	3 Compress And Upload Plugin, Compress And Upload Plugin, Wordpress	2026-01-30	3.8 Low
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
CVE-2025-63045	2 Averta, Wordpress	2 Master Slider Pro, Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS.This issue affects Master Slider Pro: from n/a through <= 3.7.12.
CVE-2022-47425	2 Reputeinfosystems, Wordpress	2 Armember, Wordpress	2026-01-30	4.3 Medium
Missing Authorization vulnerability in Repute Infosystems ARMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember: from n/a through 3.4.10.
CVE-2025-68076	2 Select-themes, Wordpress	2 Stockholm Core, Wordpress	2026-01-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Stockholm Core stockholm-core allows Stored XSS.This issue affects Stockholm Core: from n/a through <= 2.4.6.

« first previous Page 2 of 484. next last »