Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 10819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10819 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24995	1 Wordpress	1 Wordpress	2026-02-04	4.3 Medium
Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Shortcode: from n/a through <= 14.2.0.
CVE-2026-24996	1 Wordpress	1 Wordpress	2026-02-04	4.3 Medium
Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer: from n/a through <= 0.6.4.
CVE-2026-24967	1 Wordpress	1 Wordpress	2026-02-04	5.3 Medium
Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38.
CVE-2026-25024	1 Wordpress	1 Wordpress	2026-02-04	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Cross Site Request Forgery.This issue affects ThirstyAffiliates: from n/a through <= 3.11.9.
CVE-2026-24994	2 Sunshinephotocart, Wordpress	2 Sunshine Photo Cart, Wordpress	2026-02-04	5.3 Medium
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.2.
CVE-2026-25020	2 Wordpress, Wp Connect	2 Wordpress, Wp Sync For Notion	2026-02-04	4.3 Medium
Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0.
CVE-2026-25016	1 Wordpress	1 Wordpress	2026-02-04	4.3 Medium
Missing Authorization vulnerability in Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Popups: from n/a through <= 1.3.5.
CVE-2026-24966	1 Wordpress	1 Wordpress	2026-02-04	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery.This issue affects Copyscape Premium: from n/a through <= 1.4.1.
CVE-2026-24991	1 Wordpress	1 Wordpress	2026-02-04	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extensions For CF7: from n/a through <= 3.4.0.
CVE-2026-25019	2 Vito Peleg, Wordpress	2 Atarim, Wordpress	2026-02-04	5.3 Medium
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.1.
CVE-2026-24982	2 Brainstormforce, Wordpress	2 Spectra, Wordpress	2026-02-04	5.3 Medium
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.17.
CVE-2026-24990	2 Fahad Mahmood, Wordpress	2 Wp Docs, Wordpress	2026-02-04	5.4 Medium
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8.
CVE-2026-25010	2 Illid, Wordpress	2 Share This Image, Wordpress	2026-02-04	5.3 Medium
Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through <= 2.09.
CVE-2026-24602	2 Raptive, Wordpress	2 Raptive Ads, Wordpress	2026-02-04	N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. This is a false positive. According to the vendor, the function identified as a vulnerability is intentional and part of the expected design.
CVE-2025-68891	2 Ryan Sutana, Wordpress	2 Wp App Bar, Wordpress	2026-02-03	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through <= 1.5.
CVE-2025-67937	3 Mikado-themes, Qodeinteractive, Wordpress	3 Hendon, Hendon, Wordpress	2026-02-03	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through < 1.7.
CVE-2025-67936	3 Mikado-themes, Qodeinteractive, Wordpress	3 Curly, Curly, Wordpress	2026-02-03	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through < 3.3.
CVE-2025-67935	3 Mikado-themes, Qodeinteractive, Wordpress	3 Optimize, Optimize, Wordpress	2026-02-03	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through < 2.4.
CVE-2025-67925	1 Wordpress	1 Wordpress	2026-02-03	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion.This issue affects Corpkit: from n/a through <= 2.0.
CVE-2022-50797	2 Halfdata, Wordpress	2 Stripe Green Downloads, Wordpress	2026-02-03	6.4 Medium
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation.

« first previous Page 61 of 541. next last »