Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 12284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12284 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67517	2 Artplacer, Wordpress	2 Artplacer Widget, Wordpress	2026-04-27	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection.This issue affects ArtPlacer Widget: from n/a through <= 2.22.9.2.
CVE-2025-67516	2 Agile Logix, Wordpress	2 Store Locator Wordpress, Wordpress Mu	2026-04-27	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection.This issue affects Store Locator WordPress: from n/a through <= 1.6.2.
CVE-2025-67515	3 Mikado-themes, Qodeinteractive, Wordpress	3 Wilmer, Wilmer, Wordpress	2026-04-27	8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5.
CVE-2025-67473	2 Codeworkweb, Wordpress	2 Cww Companion, Wordpress	2026-04-27	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in codeworkweb CWW Companion cww-companion allows Cross Site Request Forgery.This issue affects CWW Companion: from n/a through <= 1.3.2.
CVE-2025-67472	2 Vcita, Wordpress	3 Online Booking & Scheduling Calendar For Wordpress By Vcita, Online Booking \& Scheduling Calendar, Wordpress	2026-04-27	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5.
CVE-2025-67471	1 Wordpress	1 Wordpress	2026-04-27	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Contact Form quick-contact-form allows Cross Site Request Forgery.This issue affects Quick Contact Form: from n/a through <= 8.2.5.
CVE-2025-67469	2 Kubiq, Wordpress	2 Pdf Thumbnail Generator, Wordpress	2026-04-27	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail Generator pdf-thumbnail-generator allows Cross Site Request Forgery.This issue affects PDF Thumbnail Generator: from n/a through <= 1.4.
CVE-2025-67466	2 Sergiotrinity, Wordpress	2 Trinity Audio, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trinity Audio: from n/a through <= 5.23.3.
CVE-2025-67465	2 Quantumcloud, Wordpress	2 Simple Link Directory, Wordpress	2026-04-27	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
CVE-2025-53586	1 Wordpress	1 Wordpress	2026-04-27	8.8 High
Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through <= 1.9.1.
CVE-2025-53585	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme WeMusic noo-wemusic allows Reflected XSS.This issue affects WeMusic: from n/a through <= 1.9.1.
CVE-2025-53453	2 Axiomthemes, Wordpress	2 Hygia, Wordpress	2026-04-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16.
CVE-2025-53424	3 Vanquish, Woocommerce, Wordpress	3 Woocommerce Orders Customers Exporter, Woocommerce, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
CVE-2025-53421	2 Pickplugins, Wordpress	2 Accordion, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14.
CVE-2025-53316	2 Shahjahan Jewel, Wordpress	2 Wp Gdpr Cookie Consent, Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0.
CVE-2025-53252	2 Wordpress, Zozothemes	2 Wordpress, Zegen	2026-04-27	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Zegen zegen allows PHP Local File Inclusion.This issue affects Zegen: from n/a through <= 1.1.9.
CVE-2025-53246	1 Wordpress	1 Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in Gaurav Aggarwal Backup and Move backup-and-move allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup and Move: from n/a through <= 0.1.
CVE-2025-53214	1 Wordpress	1 Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sertifier Certificate & Badge Maker: from n/a through <= 1.21.
CVE-2025-66086	2 Cozyvision, Wordpress	2 Sms Alert Order Notifications, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Alert Order Notifications: from n/a through <= 3.8.8.
CVE-2025-66083	1 Wordpress	1 Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 5.0.4.

« first previous Page 79 of 615. next last »