Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12071 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69411	2 Robert Seyfriedsberger, Wordpress	2 Ioncube Tester Plus, Wordpress	2026-04-22	7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through <= 1.3.
CVE-2026-28013	2 Themerex, Wordpress	2 Kratz, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kratz kratz allows PHP Local File Inclusion.This issue affects Kratz: from n/a through <= 1.0.12.
CVE-2026-22455	2 Foreverpinetree, Wordpress	2 Thebe, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thebe thebe allows Reflected XSS.This issue affects Thebe: from n/a through <= 1.3.0.
CVE-2026-22439	2 Ancorathemes, Wordpress	2 Green Planet, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion.This issue affects Green Planet: from n/a through <= 1.1.14.
CVE-2026-28006	2 Themerex, Wordpress	2 Yungen, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yungen yungen allows PHP Local File Inclusion.This issue affects Yungen: from n/a through <= 1.0.12.
CVE-2026-28014	2 Themerex, Wordpress	2 Translogic, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Translogic translogic allows PHP Local File Inclusion.This issue affects Translogic: from n/a through <= 1.2.11.
CVE-2026-22456	2 Elated-themes, Wordpress	2 Askka, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Askka askka allows PHP Local File Inclusion.This issue affects Askka: from n/a through <= 1.0.
CVE-2026-28018	2 Themerex, Wordpress	2 Global Logistics, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Global Logistics globallogistics allows PHP Local File Inclusion.This issue affects Global Logistics: from n/a through <= 3.20.
CVE-2026-22442	2 Launchandsell, Wordpress	2 Tribe, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LaunchandSell Tribe tribe allows PHP Local File Inclusion.This issue affects Tribe: from n/a through <= 1.7.3.
CVE-2026-27991	2 Themerex, Wordpress	2 Avventure, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Avventure avventure allows PHP Local File Inclusion.This issue affects Avventure: from n/a through <= 1.1.12.
CVE-2026-22387	2 Mikado-themes, Wordpress	2 Aviana, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects Aviana: from n/a through <= 2.1.
CVE-2026-27339	2 Ancorathemes, Wordpress	2 Buzz Stone \| Magazine & Viral Blog Wordpress Theme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone \| Magazine & Viral Blog WordPress Theme buzzstone allows PHP Local File Inclusion.This issue affects Buzz Stone \| Magazine & Viral Blog WordPress Theme: from n/a through <= 1.0.2.
CVE-2026-27370	2 Premio, Wordpress	2 Chaty, Wordpress	2026-04-22	7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through <= 3.5.1.
CVE-2026-27335	2 Ancorathemes, Wordpress	2 Ekoterra - Nonprofit, Green Energy & Ecology Theme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allows PHP Local File Inclusion.This issue affects Ekoterra - NonProfit, Green Energy & Ecology Theme: from n/a through <= 1.0.0.
CVE-2026-27388	2 Designthemes, Wordpress	2 Designthemes Booking Manager, Wordpress	2026-04-22	7.5 High
Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Booking Manager: from n/a through <= 2.0.
CVE-2026-28009	2 Themerex, Wordpress	2 Dronex, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion.This issue affects DroneX: from n/a through <= 1.1.12.
CVE-2026-22475	2 Axiomthemes, Wordpress	2 Estate, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.
CVE-2026-22432	2 Ancorathemes, Wordpress	2 Woopy, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion.This issue affects Woopy: from n/a through <= 1.2.
CVE-2026-28020	2 Themerex, Wordpress	2 Chroma, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Chroma chroma allows PHP Local File Inclusion.This issue affects Chroma: from n/a through <= 1.11.
CVE-2025-69090	2 Ovatheme, Wordpress	2 Remons, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through <= 1.3.4.

« first previous Page 322 of 604. next last »