Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 10313 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10313 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68043	2 Lottiefiles, Wordpress	2 Lottiefiles, Wordpress	2026-02-24	7.3 High
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.
CVE-2025-68026	2 Niaj Morshed, Wordpress	2 Lc Wizard, Wordpress	2026-02-24	6.5 Medium
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1.
CVE-2025-68024	2 Addonify, Wordpress	2 Addonify – Woocommerce Wishlist, Wordpress	2026-02-24	6.5 Medium
Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15.
CVE-2025-68022	2 Soporteblue, Wordpress	2 Plugin Bluex For Woocommerce, Wordpress	2026-02-24	6.3 Medium
Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6.
CVE-2025-68005	2 Themewant, Wordpress	2 Easy Hotel Booking, Wordpress	2026-02-24	6.5 Medium
Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.8.7.
CVE-2025-68000	2 Pickplugins, Wordpress	2 Testimonial Slider, Wordpress	2026-02-24	6.5 Medium
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
CVE-2025-67997	2 Boldthemes, Wordpress	2 Travelicious, Wordpress	2026-02-24	9.8 Critical
Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.
CVE-2025-67993	2 Vito Peleg, Wordpress	2 Atarim, Wordpress	2026-02-24	6.5 Medium
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1.
CVE-2025-67977	2 Villatheme, Wordpress	2 Happy, Wordpress	2026-02-24	8.2 High
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8.
CVE-2025-67974	2 Wordpress, Wplegalpages	2 Wordpress, Wp Legal Pages	2026-02-24	7.5 High
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4.
CVE-2025-67970	2 Vertim, Wordpress	2 Schedula, Wordpress	2026-02-24	5.3 Medium
Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a through <= 1.0.
CVE-2025-67624	2 Arya Dhiratara, Wordpress	2 Optimize More! – Images, Wordpress	2026-02-24	6.5 Medium
Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through <= 1.1.3.
CVE-2026-25316	2 Brainstormforce, Wordpress	2 Cartflows, Wordpress	2026-02-24	7.2 High
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19.
CVE-2026-23803	2 Burhan Nasir, Wordpress	2 Smart Auto Upload Images, Wordpress	2026-02-24	6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart Auto Upload Images smart-auto-upload-images allows Server Side Request Forgery.This issue affects Smart Auto Upload Images: from n/a through <= 1.2.2.
CVE-2026-22379	2 Ancorathemes, Wordpress	2 Netmix, Wordpress	2026-02-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Netmix netmix allows PHP Local File Inclusion.This issue affects Netmix: from n/a through <= 1.0.10.
CVE-2026-22377	2 Ancorathemes, Wordpress	2 Saveo, Wordpress	2026-02-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through <= 1.1.2.
CVE-2026-22375	2 Ancorathemes, Wordpress	2 Impacto Patronus, Wordpress	2026-02-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Impacto Patronus impacto-patronus allows PHP Local File Inclusion.This issue affects Impacto Patronus: from n/a through <= 1.2.3.
CVE-2026-22373	2 Ancorathemes, Wordpress	2 Fooddy, Wordpress	2026-02-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects Fooddy: from n/a through <= 1.3.10.
CVE-2026-22371	2 Ancorathemes, Wordpress	2 Gustavo, Wordpress	2026-02-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gustavo gustavo allows PHP Local File Inclusion.This issue affects Gustavo: from n/a through <= 1.2.2.
CVE-2026-22369	2 Ancorathemes, Wordpress	2 Ironfit, Wordpress	2026-02-24	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affects Ironfit: from n/a through <= 1.5.

« first previous Page 2 of 516. next last »