Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 10162 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12064 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12064 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-28056	2 Themerex, Wordpress	2 Mckinney's Politics, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MCKinney's Politics mckinney-politics allows PHP Local File Inclusion.This issue affects MCKinney's Politics: from n/a through <= 1.2.8.
CVE-2026-28090	2 Themerex, Wordpress	2 Gamezone, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gamezone gamezone allows PHP Local File Inclusion.This issue affects Gamezone: from n/a through <= 1.1.11.
CVE-2026-28071	2 Pixfort, Wordpress	2 Pixfort Core, Wordpress	2026-04-22	6.3 Medium
Missing Authorization vulnerability in PixFort pixfort Core pixfort-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pixfort Core: from n/a through <= 3.2.22.
CVE-2026-28077	2 Themerex, Wordpress	2 Vapester, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vapester vapester allows PHP Local File Inclusion.This issue affects Vapester: from n/a through <= 1.1.10.
CVE-2026-28059	2 Themerex, Wordpress	2 Dermatology Clinic, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through <= 1.4.3.
CVE-2026-28034	2 Themerex, Wordpress	2 Progress, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Progress progress allows PHP Local File Inclusion.This issue affects Progress: from n/a through <= 1.2.
CVE-2024-35644	2 Pascal Birchler, Wordpress	2 Preferred Languages, Wordpress	2026-04-22	5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pascal Birchler Preferred Languages allows DOM-Based XSS.This issue affects Preferred Languages: from n/a through 2.2.2.
CVE-2026-28035	2 Themerex, Wordpress	2 Printy, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Printy printy allows PHP Local File Inclusion.This issue affects Printy: from n/a through <= 1.8.
CVE-2026-28058	2 Themerex, Wordpress	2 Dixon, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion.This issue affects Dixon: from n/a through <= 1.4.2.1.
CVE-2026-28088	2 Themerex, Wordpress	2 Aqualots, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aqualots aqualots allows PHP Local File Inclusion.This issue affects Aqualots: from n/a through <= 1.1.6.
CVE-2026-28045	2 Themerex, Wordpress	2 N7 \| Golf Club Sports & Events, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX N7 \| Golf Club Sports & Events n7-golf-club allows PHP Local File Inclusion.This issue affects N7 \| Golf Club Sports & Events: from n/a through <= 2.16.0.
CVE-2026-28047	2 Magentech, Wordpress	2 Victo, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through <= 1.4.16.
CVE-2026-28050	2 Themerex, Wordpress	2 Beacon, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Beacon beacon allows PHP Local File Inclusion.This issue affects Beacon: from n/a through <= 2.24.
CVE-2026-28122	2 Cridio, Wordpress	2 Listingpro, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through <= 2.9.8.
CVE-2026-28105	2 Themerex, Wordpress	2 Good Energy, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7.
CVE-2026-28027	2 Themerex, Wordpress	2 Kayon, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kayon kayon allows PHP Local File Inclusion.This issue affects Kayon: from n/a through <= 1.3.
CVE-2026-28028	2 Themerex, Wordpress	2 Moneyflow, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MoneyFlow moneyflow allows PHP Local File Inclusion.This issue affects MoneyFlow: from n/a through <= 1.0.
CVE-2026-28036	2 Skatdesign, Wordpress	2 Ratatouille, Wordpress	2026-04-22	6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6.
CVE-2026-28043	2 Themerex, Wordpress	2 Healer - Doctor, Clinic & Medical Wordpress Theme, Wordpress	2026-04-22	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion.This issue affects Healer - Doctor, Clinic & Medical WordPress Theme: from n/a through <= 1.0.0.
CVE-2026-28063	2 Themerex, Wordpress	2 Asia Garden, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Asia Garden asia-garden allows PHP Local File Inclusion.This issue affects Asia Garden: from n/a through <= 1.3.1.

« first previous Page 317 of 604. next last »