Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11853 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11853 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-24543	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Horea Radu Materialis Companion materialis-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Materialis Companion: from n/a through <= 1.3.52.
CVE-2025-23564	1 Wordpress	1 Wordpress	2026-04-15	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mohsenshahbazi WP FixTag wp-fixtag allows Reflected XSS.This issue affects WP FixTag: from n/a through <= v2.0.2.
CVE-2026-24544	2 Harmonicdesign, Wordpress	2 Hd Quiz, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Harmonic Design HD Quiz hd-quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz: from n/a through <= 2.0.9.
CVE-2026-24550	1 Wordpress	1 Wordpress	2026-04-15	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.19.
CVE-2026-24553	2 Dotstore, Wordpress	2 Fraud Prevention For Woocommerce, Wordpress	2026-04-15	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.2.
CVE-2026-24580	2 Lightspeedhq, Wordpress	2 Ecwid Ecommerce Shopping Cart, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5.
CVE-2026-24588	1 Wordpress	1 Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in topdevs Smart Product Viewer smart-product-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Product Viewer: from n/a through <= 1.5.4.
CVE-2026-24589	2 Cargus Ecommerce, Wordpress	2 Cargus, Wordpress	2026-04-15	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Cargus eCommerce Cargus cargus allows Retrieve Embedded Sensitive Data.This issue affects Cargus: from n/a through <= 1.5.8.
CVE-2026-24595	2 Wordpress, Zohocorp	2 Wordpress, Zoho Crm Lead Magnet	2026-04-15	5.4 Medium
Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.9.
CVE-2026-24598	2 Bestwebsoft, Wordpress	2 Multilanguage, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2.
CVE-2026-24603	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Universal Google Adsense and Ads manager: from n/a through <= 1.1.8.
CVE-2026-24606	3 Web Impian, Woocommerce, Wordpress	3 Bayarcash Woo Commerce, Woocommerce, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bayarcash WooCommerce: from n/a through <= 4.3.13.
CVE-2026-24612	2 Themebeez, Wordpress	2 Orchid Store, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
CVE-2026-24620	2 Pluginops, Wordpress	2 Landing Page Builder, Wordpress	2026-04-15	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.4.
CVE-2026-24626	2 Logichunt, Wordpress	2 Logo Slider, Wordpress	2026-04-15	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Logo Slider logo-slider-wp allows Stored XSS.This issue affects Logo Slider: from n/a through <= 4.9.0.
CVE-2026-24627	2 Trusona, Wordpress	2 Trusona For Wordpress, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through <= 2.0.0.
CVE-2026-24630	2 Design, Wordpress	2 Stylish Cost Calculator, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.2.5.
CVE-2026-24634	2 Rustaurius, Wordpress	2 Ultimate Reviews, Wordpress	2026-04-15	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16.
CVE-2022-50797	2 Halfdata, Wordpress	2 Stripe Green Downloads, Wordpress	2026-04-15	6.4 Medium
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation.
CVE-2026-24635	1 Wordpress	1 Wordpress	2026-04-15	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink Core: from n/a through <= 2.0.7.

« first previous Page 19 of 593. next last »