Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11836 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11836 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25418	2 Bitpressadmin, Wordpress	2 Bit Form, Wordpress	2026-04-16	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
CVE-2026-25419	2 Flycart, Wordpress	2 Upsellwp, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.5.
CVE-2026-25420	2 Mailerlite, Wordpress	2 Mailerlite, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18.
CVE-2026-25423	2 Creativeinteractivemedia, Wordpress	2 Real3d Flipbook, Wordpress	2026-04-16	3.8 Low
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.19.1.
CVE-2026-25428	2 Total-soft, Wordpress	2 Ts Poll, Wordpress	2026-04-16	4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
CVE-2026-25459	2 Uixthemes, Wordpress	2 Sober, Wordpress	2026-04-16	4.3 Medium
Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.
CVE-2026-27042	2 Wordpress, Wpdeveloper	2 Wordpress, Notificationx	2026-04-16	5.3 Medium
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NotificationX: from n/a through <= 3.2.1.
CVE-2026-27050	2 Thimpress, Wordpress	2 Realpress, Wordpress	2026-04-16	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress realpress allows Cross Site Request Forgery.This issue affects RealPress: from n/a through <= 1.1.0.
CVE-2026-27057	2 Pencidesign, Wordpress	2 Penci Filter Everything, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through <= 1.7.
CVE-2026-27058	2 Pencidesign, Wordpress	2 Penci Podcast, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through <= 1.7.
CVE-2026-27059	2 Pencidesign, Wordpress	2 Penci Recipe, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through <= 4.1.
CVE-2026-27066	2 Pi Web Solution, Wordpress	2 Live Sales Notification For Woocommerce, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce live-sales-notifications-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.49.
CVE-2026-27069	2 Pencidesign, Wordpress	2 Soledad, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8.7.2.
CVE-2026-27092	2 Greg Winiarski, Wordpress	2 Wpadverts, Wordpress	2026-04-16	6.5 Medium
Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through <= 2.3.0.
CVE-2026-27094	2 Godaddy, Wordpress	2 Coblocks, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through <= 3.1.16.
CVE-2026-27328	2 Devsblink, Wordpress	2 Edublink, Wordpress	2026-04-16	5.3 Medium
Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7.
CVE-2026-27360	2 10web, Wordpress	2 Photo Gallery, Wordpress	2026-04-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.38.
CVE-2026-24943	2 Themegoods, Wordpress	2 Grand Conference, Wordpress	2026-04-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through <= 5.3.4.
CVE-2026-24946	2 Tychesoftwares, Wordpress	2 Print Invoice & Delivery Notes For Woocommerce, Wordpress	2026-04-16	6.5 Medium
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.8.0.
CVE-2026-24948	2 Fox-themes, Wordpress	2 Reflector, Wordpress	2026-04-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Reflector reflector-plugins allows Reflected XSS.This issue affects Reflector: from n/a through <= 1.2.2.

« first previous Page 71 of 592. next last »