CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 6753 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58939	1 Wordpress	1 Wordpress	2025-10-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through <= 7.5.
CVE-2025-60075	2 Allegro Marketing, Wordpress	2 Hpb Seo Plugin For Wordpress, Wordpress	2025-10-30	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS.This issue affects hpb seo plugin for WordPress: from n/a through <= 3.0.1.
CVE-2025-12450	2 Litespeedtech, Wordpress	2 Litespeed Cache, Wordpress	2025-10-30	6.1 Medium
The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2025-12475	2 Creativethemes, Wordpress	2 Blocksy Companion, Wordpress	2025-10-30	6.4 Medium
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-64194	2 Thimpress, Wordpress	2 Eduma, Wordpress	2025-10-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through <= 5.7.6.
CVE-2025-64197	2 Sizam Design, Wordpress	2 Rehub, Wordpress	2025-10-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1.
CVE-2025-64200	3 Villatheme, Woocommerce, Wordpress	3 Woocommerce Email Template Customizer, Woocommerce, Wordpress	2025-10-30	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17.
CVE-2025-64204	2 Themesphere, Wordpress	2 Smartmag, Wordpress	2025-10-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through <= 10.3.1.
CVE-2025-64212	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-10-30	5.4 Medium
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
CVE-2025-64219	2 Strategy11, Wordpress	2 Business Directory Plugin - Easy Listing Directories, Wordpress	2025-10-30	4.3 Medium
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.
CVE-2025-64220	1 Wordpress	1 Wordpress	2025-10-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS.This issue affects Rey Core: from n/a through <= 3.1.8.
CVE-2025-64226	1 Wordpress	1 Wordpress	2025-10-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in colabrio Stockie Extra stockie-extra allows Cross Site Request Forgery.This issue affects Stockie Extra: from n/a through <= 1.2.11.
CVE-2025-64228	2 Fantasticplugins, Wordpress	2 Sumo Affiliates Pro, Wordpress	2025-10-30	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data.This issue affects SUMO Affiliates Pro: from n/a through <= 11.0.0.
CVE-2025-64229	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2025-10-30	4.3 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7.
CVE-2025-64234	2 Evergreencontentposter, Wordpress	2 Evergreen Content Poster, Wordpress	2025-10-30	4.3 Medium
Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-content-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Evergreen Content Poster: from n/a through <= 1.4.5.
CVE-2025-64284	2 Majesticsupport, Wordpress	2 Majestic Support, Wordpress	2025-10-30	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through <= 1.1.1.
CVE-2025-64285	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Wholesale Pricing For Woocommerce, Woocommerce and 1 more	2025-10-30	5.4 Medium
Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
CVE-2025-64286	2 Wordpress, Wpestate	2 Wordpress, Wp Rentals	2025-10-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery.This issue affects WP Rentals: from n/a through <= 3.13.1.
CVE-2025-64288	2 Premmerce, Wordpress	2 Premmerce, Wordpress	2025-10-30	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce premmerce allows Cross Site Request Forgery.This issue affects Premmerce: from n/a through <= 1.3.19.
CVE-2025-64289	3 Premmerce, Woocommerce, Wordpress	4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more	2025-10-30	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.

« first previous Page 2 of 338. next last »