Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11910 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62922	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export Categories: from n/a through <= 1.0.
CVE-2025-62925	2 Conversios, Wordpress	2 Conversios.io, Wordpress	2026-04-15	8.1 High
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.13.
CVE-2025-62926	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool [Show Current Template Info] current-template-name allows Stored XSS.This issue affects TempTool [Show Current Template Info]: from n/a through <= 1.3.1.
CVE-2025-62927	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through <= 4.0.5.
CVE-2025-62928	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through <= 1.2.0.
CVE-2025-62867	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ergonet Cache: from n/a through <= 1.0.13.
CVE-2025-62944	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: from n/a through <= 1.4.
CVE-2025-62945	2 Eduard Pinuaga Linares, Wordpress	2 Did Prestashop Display, Wordpress	2026-04-15	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= 1.0.30.
CVE-2025-62999	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3.5.
CVE-2025-62868	2 Edge-themes, Wordpress	2 Edge Cpt, Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through 1.4.
CVE-2025-62977	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in 沃之涛百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from n/a through <= 2.1.4.
CVE-2025-62979	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.
CVE-2025-62988	1 Wordpress	1 Wordpress	2026-04-15	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.
CVE-2025-62989	2 Boxystudio, Wordpress	2 Cooked, Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gora Tech Cooked cooked allows Stored XSS.This issue affects Cooked: from n/a through <= 1.11.3.
CVE-2025-62990	2 Livemesh, Wordpress	2 Livemesh Addons For Beaver Builder, Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Beaver Builder addons-for-beaver-builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through <= 3.9.2.
CVE-2025-62994	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7.
CVE-2025-63001	2 Nicdark, Wordpress	2 Hotel Booking, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3.8.
CVE-2025-63014	2 Serhii Pasiuk, Wordpress	2 Gmedia Photo Gallery, Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through <= 1.25.0.
CVE-2025-63016	2 Quadlayers, Wordpress	2 Tiktok Feed, Wordpress	2026-04-15	N/A
Missing Authorization vulnerability in quadlayers QuadLayers TikTok Feed wp-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through <= 4.6.5.
CVE-2025-63040	1 Wordpress	1 Wordpress	2026-04-15	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through <= 4.0.11.

« first previous Page 417 of 596. next last »