Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11973 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-51831	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aboutorab Pourhaghani Persian Nested Show/Hide Text persian-nested-showhide-text allows Stored XSS.This issue affects Persian Nested Show/Hide Text: from n/a through <= 1.5.
CVE-2024-51830	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fazilatunnesa News Ticker newsticker allows Stored XSS.This issue affects News Ticker: from n/a through <= 1.0.
CVE-2024-51829	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in figoliquinn Mobile Kiosk mobile-kiosk allows Stored XSS.This issue affects Mobile Kiosk: from n/a through <= 1.3.0.
CVE-2024-51827	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Movement Ventures Boombox Shortcode boombox-shortcode allows DOM-Based XSS.This issue affects Boombox Shortcode: from n/a through <= 1.0.0.
CVE-2024-51825	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crissoca Alert Me! alert-me allows DOM-Based XSS.This issue affects Alert Me!: from n/a through <= 0.4.0.
CVE-2024-51824	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Karam Singh Advanced Video Player with Analytics advanced-video-player-with-analytics allows DOM-Based XSS.This issue affects Advanced Video Player with Analytics: from n/a through <= 1.
CVE-2024-51823	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SherkSpear Add Ribbon Shortcode add-ribbon allows DOM-Based XSS.This issue affects Add Ribbon Shortcode: from n/a through <= 1.0.1.
CVE-2024-51821	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE – Client Logo Carousel we-client-logo-carousel allows Stored XSS.This issue affects WE – Client Logo Carousel: from n/a through <= 1.4.
CVE-2024-51819	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tigrisflexplatform Tigris Flexplatform tigris-flexplatform allows Stored XSS.This issue affects Tigris Flexplatform: from n/a through <= 1.0.2.
CVE-2024-51818	1 Wordpress	1 Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in radykal Fancy Product Designer fancy-product-designer.This issue affects Fancy Product Designer: from n/a through <= 6.4.3.
CVE-2024-51817	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs combo-wp-rewrite-slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through <= 1.0.
CVE-2024-51816	2 Saul Morales Pacheco, Wordpress	2 Banner System, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saul Morales Pacheco Banner System banner-system allows Stored XSS.This issue affects Banner System: from n/a through <= 1.0.0.
CVE-2024-51811	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hussam Hussien Popup Image popup-image allows Stored XSS.This issue affects Popup Image: from n/a through <= 1.0.1.
CVE-2024-51810	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Lewe Lewe Bootstrap Visuals shortcode-bootstrap-visuals allows Stored XSS.This issue affects Lewe Bootstrap Visuals: from n/a through <= 3.0.1.
CVE-2024-51809	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligentDesign Keymaster Chord Notation Free keymaster-chord-notation-free allows Stored XSS.This issue affects Keymaster Chord Notation Free: from n/a through <= 1.0.2.
CVE-2024-51808	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pat O’Brien codeSnips codesnips allows Stored XSS.This issue affects codeSnips: from n/a through <= 1.2.
CVE-2024-51806	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shingo Awesome Fitness Testimonials awesome-fitness-testimonials allows Stored XSS.This issue affects Awesome Fitness Testimonials: from n/a through <= 1.0.1.
CVE-2024-51805	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonisink yPHPlista yphplista allows Stored XSS.This issue affects yPHPlista: from n/a through <= 1.1.1.
CVE-2024-51804	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobmatnyc Moka Get Posts Shortcode moka-get-posts allows DOM-Based XSS.This issue affects Moka Get Posts Shortcode: from n/a through <= 1.0.
CVE-2024-51803	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnetic Creative Inline Click To Tweet inline-click-to-tweet allows DOM-Based XSS.This issue affects Inline Click To Tweet: from n/a through <= 1.0.0.

« first previous Page 253 of 599. next last »