Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11973 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58656	3 Risto Niinemets, Woocommerce, Wordpress	3 Estonian Shipping Methods, Woocommerce, Wordpress	2026-04-15	N/A
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2.
CVE-2025-23519	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jas Saran G Web Pro Store Locator gwebpro-store-locator allows Reflected XSS.This issue affects G Web Pro Store Locator: from n/a through <= 2.0.1.
CVE-2025-23545	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Navnish Bhardwaj WP Social Broadcast wp-social-broadcast allows Reflected XSS.This issue affects WP Social Broadcast: from n/a through <= 1.0.0.
CVE-2025-23569	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Kelvin Ng Shortcode in Comment shortcode-in-comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through <= 1.1.1.
CVE-2025-23573	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in sammyb WP Background Tile wp-background-tile allows Stored XSS.This issue affects WP Background Tile: from n/a through <= 1.0.
CVE-2025-23582	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haider Ali Bulk Categories Assign bulk-categories-assign allows Reflected XSS.This issue affects Bulk Categories Assign: from n/a through <= 1.0.
CVE-2025-23583	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Membership explara-membership allows Reflected XSS.This issue affects Explara Membership: from n/a through <= 0.0.7.
CVE-2025-23584	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arsh91 Pin Locations on Map pin-locations-on-map allows Reflected XSS.This issue affects Pin Locations on Map: from n/a through <= 1.0.
CVE-2025-23601	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in patrice Tab My Content tab-my-content allows Reflected XSS.This issue affects Tab My Content: from n/a through <= 1.0.0.
CVE-2025-23604	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maeve Lander Rezdy Reloaded reloaded-rezdy allows Stored XSS.This issue affects Rezdy Reloaded: from n/a through <= 1.0.1.
CVE-2025-23605	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lampd Call To Action Popup call-to-action-popup allows Reflected XSS.This issue affects Call To Action Popup: from n/a through <= 1.0.2.
CVE-2025-58665	2 Tmontg1, Wordpress	2 Form Generator, Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress form-generator-powered-by-jotform allows Stored XSS.This issue affects Form Generator for WordPress: from n/a through <= 1.52.
CVE-2025-23638	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Umesh Ghimire Frontend Post Submission frontend-post-submission allows Reflected XSS.This issue affects Frontend Post Submission: from n/a through <= 1.0.
CVE-2025-23661	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in ryscript NV Slider nv-slider allows Stored XSS.This issue affects NV Slider: from n/a through <= 1.6.
CVE-2025-58666	1 Wordpress	1 Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration website-chat-button-kommo-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Website Chat Button: Kommo integration: from n/a through <= 1.3.1.
CVE-2025-23713	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in artanik Hack me if you can hack-me-if-you-can allows Stored XSS.This issue affects Hack me if you can: from n/a through <= 1.2.
CVE-2025-23732	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in franciscopalacios Easy Filtering easy-filtering allows Reflected XSS.This issue affects Easy Filtering: from n/a through <= 2.5.0.
CVE-2025-23735	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cosmin Schiopu Infugrator infugrator allows Reflected XSS.This issue affects Infugrator: from n/a through <= 1.0.3.
CVE-2025-23736	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webgdawg Form To JSON form-to-json allows Reflected XSS.This issue affects Form To JSON: from n/a through <= 1.0.
CVE-2025-58669	3 Magento, Modern Minds, Wordpress	3 Magento, Magento 2 Wordpress Integration, Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration m2wp allows Stored XSS.This issue affects Magento 2 WordPress Integration: from n/a through <= 1.4.2.1.

« first previous Page 353 of 599. next last »