Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11888 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25359	2 Rascals, Wordpress	2 Pendulum, Wordpress	2026-03-30	8.8 High
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5.
CVE-2026-25327	2 Rustaurius, Wordpress	2 Five Star Restaurant Reservations, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.9.
CVE-2026-25309	2 Publishpress, Wordpress	2 Publishpress Authors, Wordpress	2026-03-30	7.5 High
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.
CVE-2026-25033	2 Uixthemes, Wordpress	2 Motta Addons, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uixthemes Motta Addons motta-addons allows Reflected XSS.This issue affects Motta Addons: from n/a through < 1.6.1.
CVE-2026-24987	2 Activity-log.com, Wordpress	2 Wp System Log, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a through <= 1.2.7.
CVE-2026-27044	2 Totalsuite, Wordpress	2 Total Poll Lite, Wordpress	2026-03-30	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.
CVE-2026-24974	2 Nootheme, Wordpress	2 Citilights, Wordpress	2026-03-30	8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1.
CVE-2026-24373	2 Metagauss, Wordpress	2 Registrationmagic, Wordpress	2026-03-30	8.1 High
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.
CVE-2026-32567	2 Icopydoc, Wordpress	2 Yml For Yandex Market, Wordpress	2026-03-30	6.8 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through < 5.3.0.
CVE-2026-32562	2 Wordpress, Wp Folio Team	2 Wordpress, Ppwp	2026-03-30	5.4 Medium
Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.9.15.
CVE-2026-32573	2 Neliosoftware, Wordpress	2 Nelio Ab Testing, Wordpress	2026-03-30	9.1 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.7.
CVE-2026-33559	2 Mika, Wordpress	2 Openstreetmap, Wordpress	2026-03-30	N/A
WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin enabled, a logged-in user with a page-creating/editing privilege can embed some malicious script with a crafted HTTP request. When a victim user accesses this page, the script may be executed in the user's web browser.
CVE-2026-22209	2 Gvectors, Wordpress	2 Wpdiscuz, Wordpress	2026-03-27	5.5 Medium
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like </style><script>alert(1)</script> in the custom CSS setting to execute arbitrary JavaScript in user browsers.
CVE-2026-28073	2 Tipsandtricks-hq, Wordpress	2 Wp Emember, Wordpress	2026-03-25	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tips and Tricks HQ WP eMember allows Reflected XSS.This issue affects WP eMember: from n/a through v10.2.2.
CVE-2026-28070	2 Tipsandtricks-hq, Wordpress	2 Wp Emember, Wordpress	2026-03-25	5.3 Medium
Missing Authorization vulnerability in Tips and Tricks HQ WP eMember allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP eMember: from n/a through v10.2.2.
CVE-2026-28044	2 Wordpress, Wp Media	2 Wordpress, Wp Rocket	2026-03-25	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4.
CVE-2026-27542	2 Rymera Web Co Pty Ltd., Wordpress	2 Woocommerce Wholesale Lead Capture, Wordpress	2026-03-25	9.8 Critical
Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.
CVE-2026-27540	2 Rymera Web Co Pty Ltd., Wordpress	2 Woocommerce Wholesale Lead Capture, Wordpress	2026-03-25	9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture allows Using Malicious Files.This issue affects Woocommerce Wholesale Lead Capture: from n/a through 2.0.3.1.
CVE-2026-32583	2 Webnus, Wordpress	2 Modern Events Calendar, Wordpress	2026-03-24	5.3 Medium
Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modern Events Calendar: from n/a through 7.29.0.
CVE-2026-22191	2 Gvectors, Wordpress	2 Wpdiscuz, Wordpress	2026-03-23	6.5 Medium
wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mail().

« first previous Page 557 of 595. next last »