Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9559 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-66107	2 Scott Paterson, Wordpress	2 Subscriptions & Memberships For Paypal, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7.
CVE-2025-66106	2 Essentialplugin, Wordpress	2 Featured Post Creative, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through <= 1.5.5.
CVE-2025-66104	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through <= 1.9.5.
CVE-2025-66103	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revmakx WPCal.Io allows DOM-Based XSS.This issue affects WPCal.Io: from n/a through 0.9.5.9.
CVE-2025-66102	1 Wordpress	1 Wordpress	2026-01-20	7.5 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7.
CVE-2025-66101	1 Wordpress	1 Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through <= 2.0.1.
CVE-2025-66100	2 Magnigenie, Wordpress	2 Restropress, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.3.5.
CVE-2025-66099	1 Wordpress	1 Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3.
CVE-2025-66098	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille V Travelers' Map travelers-map allows Stored XSS.This issue affects Travelers' Map: from n/a through <= 2.3.2.
CVE-2025-66097	1 Wordpress	1 Wordpress	2026-01-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimić I Order Terms i-order-terms allows Cross Site Request Forgery.This issue affects I Order Terms: from n/a through <= 1.5.0.
CVE-2025-66096	1 Wordpress	1 Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Imtiaz Rayhan Table Block by Tableberg tableberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by Tableberg: from n/a through <= 0.6.9.
CVE-2025-66095	2 Iqonic, Wordpress	2 Kivicare, Wordpress	2026-01-20	4.3 Medium
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.13.
CVE-2025-66094	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through 3.5.
CVE-2025-66093	2 Hupe13, Wordpress	2 Extensions For Leaflet Map, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 4.8.
CVE-2025-66092	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS.This issue affects Accordion Slider: from n/a through <= 1.9.13.
CVE-2025-66091	2 Design, Wordpress	2 Stylish Cost Calculator, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5.
CVE-2025-66090	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through <= 2.5.
CVE-2025-66089	3 Webtoffee, Woocommerce, Wordpress	3 Product Feed For Woocommerce, Woocommerce, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.1.
CVE-2025-66088	2 Propertyhive, Wordpress	2 Propertyhive, Wordpress	2026-01-20	7.5 High
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.
CVE-2025-66087	2 Propertyhive, Wordpress	2 Propertyhive, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.

« first previous Page 54 of 478. next last »