Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 10162 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12047 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32330	2 10web, Wordpress	2 Photo Gallery, Wordpress	2026-04-22	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.
CVE-2026-32335	2 Rarathemes, Wordpress	2 The Conference, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5.
CVE-2026-32338	2 Rarathemes, Wordpress	2 Construction Landing Page, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through <= 1.4.1.
CVE-2026-32350	2 Wordpress, Wpradiant	2 Wordpress, Chocolate House	2026-04-22	5.3 Medium
Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a through <= 1.1.5.
CVE-2026-32360	2 Richplugins, Wordpress	2 Rich Showcase For Google Reviews, Wordpress	2026-04-22	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.
CVE-2026-32362	2 Activity-log.com, Wordpress	2 Wp Sessions Time Monitoring Full Automatic, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.
CVE-2026-32385	2 Metagauss, Wordpress	2 Registrationmagic, Wordpress	2026-04-22	5.4 Medium
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
CVE-2026-32387	2 Noorsplugin, Wordpress	2 Checkout For Paypal, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.
CVE-2026-32393	2 Creatives Planet, Wordpress	2 Greenly Theme Addons, Wordpress	2026-04-22	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.
CVE-2026-32406	2 Wordpress, Wpclever	2 Wordpress, Wpc Product Bundles For Woocommerce	2026-04-22	4.3 Medium
Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5.
CVE-2026-32418	2 Jordy Meow, Wordpress	2 Meow Gallery, Wordpress	2026-04-22	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.
CVE-2026-32420	2 Ruben Garcia, Wordpress	2 Gamipress, Wordpress	2026-04-22	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through <= 7.6.6.
CVE-2026-32423	2 Bowo, Wordpress	2 Admin And Site Enhancements Ase, Wordpress	2026-04-22	5.4 Medium
Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.
CVE-2026-32426	2 Themelexus, Wordpress	2 Medilazar Core, Wordpress	2026-04-22	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through < 1.4.7.
CVE-2026-32428	2 Ays-pro, Wordpress	2 Popup Like Box, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7.
CVE-2026-32440	2 Ex-themes, Wordpress	2 Wp Food, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.
CVE-2026-32454	2 Theme-fusion, Wordpress	2 Avada, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a through < 5.15.0.
CVE-2026-32456	2 Janis Elsts, Wordpress	2 Admin Menu Editor, Wordpress	2026-04-22	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1.
CVE-2026-32462	2 Liton Arefin, Wordpress	2 Master Addons For Elementor, Wordpress	2026-04-22	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.
CVE-2026-31918	2 Immonex, Wordpress	2 Immonex Kickstart, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS.This issue affects immonex Kickstart: from n/a through <= 1.13.0.

« first previous Page 310 of 603. next last »