Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 12047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12047 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32352	2 Elementor, Wordpress	2 Elementor Website Builder, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
CVE-2026-31922	2 Ays-pro, Wordpress	2 Fox Lms, Wordpress	2026-04-22	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3.
CVE-2026-32460	2 Themefic, Wordpress	2 Ultimate Addons For Contact Form 7, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through <= 3.5.36.
CVE-2026-32487	2 Rarathemes, Wordpress	2 Lawyer Landing Page, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.
CVE-2026-32358	2 Wordpress, Wpdevelop	2 Wordpress, Booking Calendar	2026-04-22	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.
CVE-2026-32364	2 Redqteam, Wordpress	2 Turbo Manager, Wordpress	2026-04-22	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion.This issue affects Turbo Manager: from n/a through < 4.0.8.
CVE-2026-32337	2 Rarathemes, Wordpress	2 Preschool And Kindergarten, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.5.
CVE-2026-32342	2 Ays-pro, Wordpress	2 Quiz Maker, Wordpress	2026-04-22	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.1.2.
CVE-2026-32443	2 Josh Kohlbach, Wordpress	2 Product Feed Pro For Woocommerce, Wordpress	2026-04-22	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.
CVE-2026-32446	2 Syed Balkhi, Wordpress	2 Contact Form By Wpforms, Wordpress	2026-04-22	4.3 Medium
Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through <= 1.9.9.3.
CVE-2026-32449	2 Themifyme, Wordpress	2 Themify Event Post, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4.
CVE-2026-32455	2 Realmag777, Wordpress	2 Mdtf, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MDTF: from n/a through <= 1.3.5.
CVE-2026-32457	2 Wombat Plugins, Wordpress	2 Advanced Product Fields Product Addons For Woocommerce, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18.
CVE-2026-32400	2 Themetechmount, Wordpress	2 Boldman, Wordpress	2026-04-22	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.
CVE-2026-32401	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-04-22	7.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.9.
CVE-2026-32402	2 Ays-pro, Wordpress	2 Image Slider, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider by Ays: from n/a through <= 2.7.1.
CVE-2026-32405	2 Wordpress, Xtemos	2 Wordpress, Woodmart	2026-04-22	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.
CVE-2026-31918	2 Immonex, Wordpress	2 Immonex Kickstart, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in immonex immonex Kickstart immonex-kickstart allows Stored XSS.This issue affects immonex Kickstart: from n/a through <= 1.13.0.
CVE-2026-32412	2 Giftup, Wordpress	2 Gift Up Gift Cards For Wordpress And Woocommerce, Wordpress	2026-04-22	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.
CVE-2026-32415	2 Bogdan Bendziukov, Wordpress	2 Squeeze, Wordpress	2026-04-22	5 Medium
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.

« first previous Page 314 of 603. next last »