Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11922 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-49340	1 Wordpress	1 Wordpress	2026-04-15	N/A
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP direct-payments-wp allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through <= 1.3.2.
CVE-2025-67619	2 Designthemes, Wordpress	2 Kids Heaven, Wordpress	2026-04-15	8.8 High
Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2.
CVE-2025-67620	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CleverSoft Anon anon2x allows Reflected XSS.This issue affects Anon: from n/a through <= 2.2.10.
CVE-2025-49352	3 Woocommerce, Wordpress, Yoohw Studio	3 Woocommerce, Wordpress, Order Cancellation & Returns For Woocommerce	2026-04-15	N/A
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through <= 1.1.11.
CVE-2025-49356	3 Mykola Lukin, Woocommerce, Wordpress	3 Orders Chat For Woocommerce, Woocommerce, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.
CVE-2025-67631	2 Ecommerce Platforms, Wordpress	2 Gift Hunt, Wordpress	2026-04-15	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ecommerce Platforms Gift Hunt gift-hunt allows Stored XSS.This issue affects Gift Hunt: from n/a through <= 2.0.2.
CVE-2025-49357	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in audiomack Audiomack audiomack allows Stored XSS.This issue affects Audiomack: from n/a through <= 1.4.8.
CVE-2025-49361	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Mamita mamita allows PHP Local File Inclusion.This issue affects Mamita: from n/a through <= 1.0.9.
CVE-2025-57903	3 Woocommerce, Wordpress, Wpsuperiors	3 Woocommerce, Wordpress, Woocommerce Additional Fees On Checkout	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSuperiors Developer WooCommerce Additional Fees On Checkout (Free) woo-additional-fees-on-checkout-wordpress allows Stored XSS.This issue affects WooCommerce Additional Fees On Checkout (Free): from n/a through <= 1.5.2.
CVE-2025-49368	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Palladio palladio allows PHP Local File Inclusion.This issue affects Palladio: from n/a through <= 1.1.10.
CVE-2025-57904	3 Woocommerce, Wordpress, Wp-experts	3 Woocommerce, Wordpress, Sales Count Manager	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce wc-sales-count-manager allows Stored XSS.This issue affects Sales Count Manager for WooCommerce: from n/a through <= 2.6.
CVE-2025-57909	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Rouergue Création Editor Custom Color Palette editor-custom-color-palette allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Custom Color Palette: from n/a through <= 3.5.6.
CVE-2025-43832	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andreyk Remote Images Grabber remote-images-grabber allows Reflected XSS.This issue affects Remote Images Grabber: from n/a through <= 0.6.
CVE-2025-49376	2 Delucks, Wordpress	2 Delucks Seo, Wordpress	2026-04-15	7.5 High
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.
CVE-2025-43840	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in ref CheckBot checkbot allows Stored XSS.This issue affects CheckBot: from n/a through <= 1.05.
CVE-2025-49381	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.txt Guru Connect adstxt-guru-connect allows Cross Site Request Forgery.This issue affects ads.txt Guru Connect: from n/a through <= 1.1.1.
CVE-2025-49397	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Colorbox Lightbox wp-colorbox allows Stored XSS.This issue affects Colorbox Lightbox: from n/a through <= 1.1.5.
CVE-2025-49398	2 Easy-appointments, Wordpress	2 Easy Appointments, Wordpress	2026-04-15	6.1 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14.
CVE-2025-49399	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3.
CVE-2025-57910	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio anyclip-media allows Stored XSS.This issue affects AnyClip Luminous Studio: from n/a through <= 1.3.3.

« first previous Page 164 of 597. next last »