Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11469 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11469 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25400	2 Thememount, Wordpress	2 Apicona, Wordpress	2026-03-30	8.8 High
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0.
CVE-2026-25414	2 Iqonicdesign, Wordpress	2 Wpbookit Pro, Wordpress	2026-03-30	8.8 High
Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through <= 1.6.18.
CVE-2026-25430	2 Crm Perks, Wordpress	2 Integration For Mailchimp And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in CRM Perks Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms cf7-mailchimp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through <= 1.2.2.
CVE-2026-25437	2 Wordpress, سید محمدامین هاشمی	2 Wordpress, Gzseo	2026-03-30	6.5 Medium
Missing Authorization vulnerability in سید محمدامین هاشمی GZSEO gzseo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GZSEO: from n/a through <= 2.0.14.
CVE-2026-25454	2 Mvpthemes, Wordpress	2 The League, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through <= 4.4.1.
CVE-2026-25456	2 Aarsiv Groups, Wordpress	2 Automated Fedex Live/manual Rates With Shipping Labels, Wordpress	2026-03-30	7.5 High
Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automated FedEx live/manual rates with shipping labels: from n/a through <= 5.1.8.
CVE-2026-25457	2 Select-themes, Wordpress	2 Mixtape, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through <= 2.1.
CVE-2026-25460	2 Liquidthemes, Wordpress	2 Ave Core, Wordpress	2026-03-30	6.3 Medium
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.
CVE-2026-25462	2 Avalex, Wordpress	2 Avalex, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in avalex avalex avalex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects avalex: from n/a through <= 3.1.3.
CVE-2026-25465	2 Codepeople, Wordpress	2 Cp Multi View Event Calendar, Wordpress	2026-03-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35.
CVE-2026-25469	2 Viabill For Woocommerce, Wordpress	2 Viabill – Woocommerce, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill – WooCommerce viabill-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ViaBill – WooCommerce: from n/a through <= 1.1.53.
CVE-2026-27040	2 Aa-team, Wordpress	2 Wzone, Wordpress	2026-03-30	8.8 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone allows Path Traversal.This issue affects WZone: from n/a through <= 14.0.31.
CVE-2026-27044	2 Totalsuite, Wordpress	2 Total Poll Lite, Wordpress	2026-03-30	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.
CVE-2026-27046	2 Kaira, Wordpress	2 Storecustomizer, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through <= 2.6.3.
CVE-2026-27047	2 Mikado-themes, Wordpress	2 Curly, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through <= 2.1.6.
CVE-2026-27048	2 Elated-themes, Wordpress	2 The Aisle Core, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5.
CVE-2026-27049	2 Nootheme, Wordpress	2 Jobica Core, Wordpress	2026-03-30	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.
CVE-2026-27075	2 Mikado-themes, Wordpress	2 Belfort, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0.
CVE-2026-27077	2 Mikado-themes, Wordpress	2 Multioffice, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2.
CVE-2026-27079	2 Mikado-themes, Wordpress	2 Amfissa, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1.

« first previous Page 9 of 574. next last »