Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11887 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11887 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-49450	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mhallmann SEPA Girocode sepa-girocode allows Stored XSS.This issue affects SEPA Girocode: from n/a through <= 0.5.1.
CVE-2025-49448	1 Wordpress	1 Wordpress	2026-04-23	8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Food Menu fw-food-menu allows Path Traversal.This issue affects FW Food Menu : from n/a through <= 6.0.0.
CVE-2025-49447	2 Fastw3b, Wordpress	2 Fw Food Menu Plugin, Wordpress	2026-04-23	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu fw-food-menu allows Using Malicious Files.This issue affects FW Food Menu : from n/a through <= 6.0.0.
CVE-2025-49446	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes admin-note allows Cross Site Request Forgery.This issue affects Admin Notes: from n/a through <= 1.1.
CVE-2025-49444	2 Merkulove, Wordpress	2 Reformer For Elementor, Wordpress	2026-04-23	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor reformer-elementor allows Upload a Web Shell to a Web Server.This issue affects Reformer for Elementor: from n/a through <= 1.0.5.
CVE-2025-49443	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris McCoy Bacon Ipsum bacon-ipsum allows Stored XSS.This issue affects Bacon Ipsum: from n/a through <= 2.4.
CVE-2025-49442	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mostafa Shahiri Simple Nested Menu simple-nested-menu allows Stored XSS.This issue affects Simple Nested Menu: from n/a through <= 1.0.
CVE-2025-49439	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV atelier-create-cv allows Cross Site Request Forgery.This issue affects Atelier Create CV: from n/a through <= 1.1.5.
CVE-2025-49438	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Max Chirkov Talemy talemy allows PHP Local File Inclusion.This issue affects Talemy: from n/a through <= 1.2.23.
CVE-2025-49436	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion.This issue affects Anotte: from n/a through <= 1.8.
CVE-2025-49434	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects Cars4Rent: from n/a through <= 1.4.2.
CVE-2025-49432	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through <= 10.1.
CVE-2025-49430	1 Wordpress	1 Wordpress	2026-04-23	7.2 High
Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery.This issue affects Ultimate Video Player: from n/a through <= 10.1.
CVE-2025-49429	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Video Embeds video-embeds allows Stored XSS.This issue affects Video Embeds: from n/a through <= 0.1.1.
CVE-2025-49428	1 Wordpress	1 Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dourou Spirit Framework spirit-framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through <= 1.2.13.
CVE-2025-49427	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Abbie Expander abbie-expander allows Stored XSS.This issue affects Abbie Expander: from n/a through <= 1.0.1.
CVE-2025-49426	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue affects Kitring: from n/a through <= 2.8.
CVE-2025-49425	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg konami-easter-egg allows Stored XSS.This issue affects Konami Easter Egg: from n/a through <= v0.4.
CVE-2025-49424	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Support Ticket support-ticket allows Reflected XSS.This issue affects Support Ticket: from n/a through <= 1.9.
CVE-2025-49422	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9.

« first previous Page 121 of 595. next last »