Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9383 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24367	1 Wordpress	1 Wordpress	2026-01-23	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.
CVE-2026-24355	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-01-23	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through <= 4.2.6.
CVE-2025-69317	2 Scriptsbundle, Wordpress	2 Carspot, Wordpress	2026-01-23	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through < 2.4.6.
CVE-2025-69316	1 Wordpress	1 Wordpress	2026-01-23	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2.
CVE-2025-69180	1 Wordpress	1 Wordpress	2026-01-23	8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through <= 6.7.
CVE-2025-69098	2 Wordpress, Wpwave	2 Wordpress, Hide My Wp	2026-01-23	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWave Hide My WP hide_my_wp allows Reflected XSS.This issue affects Hide My WP: from n/a through <= 6.2.12.
CVE-2025-32660	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-01-23	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2023-47762	2 Wordpress, Wpdeveloper	2 Wordpress, Betterdocs	2026-01-23	4.3 Medium
Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through 2.5.2.
CVE-2025-69039	1 Wordpress	1 Wordpress	2026-01-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through <= 1.3.4.
CVE-2025-30880	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-01-23	7.5 High
Missing Authorization vulnerability in JoomSky JS Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Help Desk: from n/a through 2.9.2.
CVE-2025-30882	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-01-23	7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk allows Path Traversal. This issue affects JS Help Desk: from n/a through 2.9.1.
CVE-2025-30901	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-01-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk allows PHP Local File Inclusion. This issue affects JS Help Desk: from n/a through 2.9.2.
CVE-2025-31867	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-01-23	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2025-31910	2 Reputeinfosystems, Wordpress	2 Bookingpress, Wordpress	2026-01-23	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28.
CVE-2025-32146	2 Joomsky, Wordpress	2 Js Job Manager, Wordpress	2026-01-23	8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2.
CVE-2026-22469	1 Wordpress	1 Wordpress	2026-01-23	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2.
CVE-2026-22468	2 Abosoluteplugins, Wordpress	2 Absolute Addons For Elementor, Wordpress	2026-01-23	4.3 Medium
Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolute Addons For Elementor: from n/a through <= 1.0.14.
CVE-2026-22349	1 Wordpress	1 Wordpress	2026-01-23	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in linux4me2 Menu In Post menu-in-post allows DOM-Based XSS.This issue affects Menu In Post: from n/a through <= 1.4.1.
CVE-2022-46838	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-01-23	9.1 Critical
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2022-46840	2 Joomsky, Wordpress	2 Js Help Desk, Wordpress	2026-01-23	5.4 Medium
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.

Page 1 of 470. next last »