Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11887 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-23427	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Anderson / Team Updraft Redux Converter redux-converter allows Reflected XSS.This issue affects Redux Converter: from n/a through <= 1.1.3.1.
CVE-2025-22827	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in joomag WP Joomag wp-joomag allows DOM-Based XSS.This issue affects WP Joomag: from n/a through <= 2.5.2.
CVE-2025-22822	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bishawjit-das wp custom countdown wp-custom-countdown allows Stored XSS.This issue affects wp custom countdown: from n/a through <= 2.8.
CVE-2025-22820	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in goldsounds VR Views vr-views allows Stored XSS.This issue affects VR Views: from n/a through <= 1.5.1.
CVE-2025-22819	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roberto Bottalico Qr Code and Barcode Scanner Reader qr-code-and-barcode-scanner-reader allows Stored XSS.This issue affects Qr Code and Barcode Scanner Reader: from n/a through <= 1.0.0.
CVE-2025-22817	2 Venutius, Wordpress	2 Bp Profile Shortcodes Extra, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra bp-profile-shortcodes-extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through <= 2.6.0.
CVE-2025-22816	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetrendy Power Mag power-mag allows DOM-Based XSS.This issue affects Power Mag: from n/a through <= 1.1.5.
CVE-2025-22801	2 Hasthemes, Wordpress	2 Free Woocommerce Theme 99fy Extension, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Free WooCommerce Theme 99fy Extension 99fy-core allows Stored XSS.This issue affects Free WooCommerce Theme 99fy Extension: from n/a through <= 1.2.8.
CVE-2025-22796	2 Platcom, Wordpress	2 Wp-asambleas, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in platcom WP-Asambleas wp-asambleas allows Reflected XSS.This issue affects WP-Asambleas: from n/a through <= 2.85.0.
CVE-2025-22794	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ianhaycox World Cup Predictor world-cup-predictor allows Reflected XSS.This issue affects World Cup Predictor: from n/a through <= 1.9.9.
CVE-2025-22790	2 Asmedia, Wordpress	2 Moseter, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia moseter moseter allows Reflected XSS.This issue affects moseter: from n/a through <= 1.3.1.
CVE-2025-22786	2 Elementinvader, Wordpress	2 Elementinvader Addons For Elementor, Wordpress	2026-04-23	7.5 High
Path Traversal: '.../...//' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through <= 1.2.6.
CVE-2025-22785	1 Wordpress	1 Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System course-booking-system allows SQL Injection.This issue affects Course Booking System: from n/a through <= 6.0.6.
CVE-2025-22781	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nativery Nativery nativery allows DOM-Based XSS.This issue affects Nativery: from n/a through <= 0.1.6.
CVE-2025-22780	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrey wp-pano wp-pano allows Stored XSS.This issue affects wp-pano: from n/a through <= 1.17.
CVE-2025-22779	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in codeaffairs WP News Sliders wp-news-sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through <= 1.0.
CVE-2025-22775	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue affects Catalog Importer, Scraper & Crawler: from n/a through <= 5.1.3.
CVE-2025-22765	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weiluri WP Order By wp-order-by allows Reflected XSS.This issue affects WP Order By: from n/a through <= 1.4.2.
CVE-2025-22764	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vipul Jariwala WP Post Corrector wp-post-corrector allows Reflected XSS.This issue affects WP Post Corrector: from n/a through <= 1.0.2.
CVE-2025-22761	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer Ajax Contact Form fws-ajax-contact-form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through <= 1.4.1.

« first previous Page 225 of 595. next last »