Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11887 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-1249	2 Pixelite, Wordpress	2 Events Manager, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Marcus (aka @msykes) Events Manager events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through <= 6.6.4.1.
CVE-2025-15636	2 Emarket-design, Wordpress	2 Youtube Showcase, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Stored XSS.This issue affects YouTube Showcase: from n/a through <= 3.5.1.
CVE-2025-15635	2 Wordpress, Zaytech	2 Wordpress, Smart Online Order For Clover	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.
CVE-2025-14314	1 Wordpress	1 Wordpress	2026-04-23	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through <= 2.1.5.
CVE-2025-13835	2 Tychesoftwares, Wordpress	2 Arconix Shortcodes, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes arconix-shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through <= 2.1.20.
CVE-2024-9146	1 Wordpress	1 Wordpress	2026-04-23	4.9 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in jamesdlow CSS JS Files css-js-files allows Path Traversal.This issue affects CSS JS Files: from n/a through <= 1.5.0.
CVE-2024-56301	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through <= 2.0.21.
CVE-2024-56300	1 Wordpress	1 Wordpress	2026-04-23	7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Retrieve Embedded Sensitive Data.This issue affects Post/Page Copying Tool: from n/a through <= 2.0.0.
CVE-2024-56296	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kitae Park Mang Board WP mangboard allows Reflected XSS.This issue affects Mang Board WP: from n/a through <= 1.8.4.
CVE-2024-56294	2 Posimyth, Wordpress	2 Nexter Blocks, Wordpress	2026-04-23	6.4 Medium
Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through <= 4.0.7.
CVE-2024-56293	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Ahmed Advanced Form Integration advanced-form-integration allows Stored XSS.This issue affects Advanced Form Integration: from n/a through <= 1.95.0.
CVE-2024-56291	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Deserialization of Untrusted Data vulnerability in plainware PlainInventory z-inventory-manager allows Object Injection.This issue affects PlainInventory: from n/a through <= 3.1.6.
CVE-2024-56285	2 Wordpress, Wpbits	2 Wordpress, Wpbits Addons For Elementor Page Builder	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through <= 1.5.1.
CVE-2024-56280	1 Wordpress	1 Wordpress	2026-04-23	8.8 High
Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation.This issue affects WPGuppy: from n/a through <= 1.1.0.
CVE-2024-56275	2 Envato, Wordpress	2 Envato Elements, Wordpress	2026-04-23	4.1 Medium
Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements envato-elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through <= 2.0.14.
CVE-2024-56270	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in SecureSubmit WP SecureSubmit securesubmit allows Retrieve Embedded Sensitive Data.This issue affects WP SecureSubmit: from n/a through <= 1.5.20.
CVE-2024-56265	3 Wordpress, Wpweb, Wpwebelite	3 Wordpress, Woocommerce Pdf Vouchers, Woocommerce Pdf Vouchers	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9.
CVE-2024-56264	1 Wordpress	1 Wordpress	2026-04-23	6.6 Medium
Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0.
CVE-2024-56262	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches gs-coach allows Stored XSS.This issue affects GS Coaches: from n/a through <= 1.1.0.
CVE-2024-56260	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement shopelement allows Stored XSS.This issue affects ShopElement: from n/a through <= 2.0.0.

« first previous Page 232 of 595. next last »