CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Total 9043 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68990	1 Wordpress	1 Wordpress	2026-01-05	9.8 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.
CVE-2025-68977	2 Designthemes, Wordpress	2 Portfolio Addon, Wordpress	2026-01-05	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5.
CVE-2025-69029	1 Wordpress	1 Wordpress	2026-01-05	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through <= 2.5.1.
CVE-2025-69028	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.
CVE-2025-69027	2 Tychesoftwares, Wordpress	2 Product Delivery Date For Woocommerce Lite, Wordpress	2026-01-05	5.4 Medium
Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through <= 3.2.0.
CVE-2025-69023	2 Marketingfire, Wordpress	2 Discussion Board, Wordpress	2026-01-05	4.3 Medium
Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= 2.5.7.
CVE-2025-69026	1 Wordpress	1 Wordpress	2026-01-05	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.
CVE-2025-69024	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through <= 4.6.7.
CVE-2025-69031	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Skywarrior Arcane arcane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arcane: from n/a through <= 3.6.6.
CVE-2025-69025	3 Aethonic, Woocommerce, Wordpress	3 Poptics, Woocommerce, Wordpress	2026-01-05	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales: from n/a through <= 1.0.20.
CVE-2025-69030	2 Mikado-themes, Wordpress	2 Backpack Traveler, Wordpress	2026-01-05	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3.
CVE-2025-66094	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through 3.5.
CVE-2025-59129	1 Wordpress	1 Wordpress	2026-01-05	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appointify allows Blind SQL Injection.This issue affects Appointify: from n/a through 1.0.8.
CVE-2025-62112	2 Merv Barrett, Wordpress	2 Import Into Easy Property Listings, Wordpress	2026-01-05	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import into Easy Property Listings allows Cross Site Request Forgery.This issue affects Import into Easy Property Listings: from n/a through 2.2.1.
CVE-2025-64190	2 8theme, Wordpress	2 Xstore Core, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme.Com XStore Core allows DOM-Based XSS.This issue affects XStore Core: from n/a before 5.6.
CVE-2025-52835	2 Conoha By Gmo, Wordpress	2 Wing Wordpress Migrator, Wordpress	2026-01-05	9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through 1.1.9.
CVE-2025-62746	2 Codeflavors, Wordpress	2 Featured Video For Wordpress & Videographywp, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress & VideographyWP allows Stored XSS.This issue affects Featured Video for WordPress & VideographyWP: from n/a through 1.0.18.
CVE-2025-62128	1 Wordpress	1 Wordpress	2026-01-05	4.3 Medium
Missing Authorization vulnerability in SiteLock SiteLock Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through 5.0.1.
CVE-2025-66103	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revmakx WPCal.Io allows DOM-Based XSS.This issue affects WPCal.Io: from n/a through 0.9.5.9.
CVE-2025-14426	2 Wordpress, Wpchill	2 Wordpress, Strong Testimonials	2026-01-05	4.3 Medium
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial post, including those created by other users, by reusing a valid nonce obtained from their own testimonial edit screen.

« first previous Page 31 of 453. next last »