Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11903 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11903 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67549	2 Bobbingwide, Wordpress	2 Oik, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= 4.15.3.
CVE-2025-67547	2 Uixthemes, Wordpress	2 Konte, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.
CVE-2025-67568	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1.
CVE-2025-67562	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through < 20.0.
CVE-2023-47225	2 Kaizencoders, Wordpress	2 Short Url, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in KaizenCoders Short URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through 1.6.8.
CVE-2025-67576	2 Quantumcloud, Wordpress	2 Simple Link Directory, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-67577	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20.
CVE-2025-67578	2 Rhys Wynne, Wordpress	2 Wp Email Capture, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4.
CVE-2025-67579	2 Vanquish, Wordpress	2 User Extra Fields, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.
CVE-2025-67615	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour: from n/a through <= 1.5.1.
CVE-2025-67616	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: from n/a through <= 1.2.29.
CVE-2025-67624	2 Arya Dhiratara, Wordpress	2 Optimize More! – Images, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through <= 1.1.3.
CVE-2025-67625	1 Wordpress	1 Wordpress	2026-04-15	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through <= 3.14.
CVE-2025-67626	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1.
CVE-2025-67627	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TouchOfTech Draft Notify draft-notify allows Stored XSS.This issue affects Draft Notify: from n/a through <= 1.5.
CVE-2025-67628	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AMP-MODE Review Disclaimer review-disclaimer allows Stored XSS.This issue affects Review Disclaimer: from n/a through <= 2.0.3.
CVE-2025-67629	2 Basticom, Wordpress	2 Framework, Wordpress	2026-04-15	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basticom Basticom Framework basticom-framework allows Stored XSS.This issue affects Basticom Framework: from n/a through <= 1.5.2.
CVE-2025-67912	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through <= 3.3.4.
CVE-2025-67914	2 Beeteam368, Wordpress	2 Vidmov, Wordpress	2026-04-15	7.5 High
Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8.
CVE-2025-67915	2 Arraytics, Wordpress	2 Timetics, Wordpress	2026-04-15	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.

« first previous Page 430 of 596. next last »