Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11960 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11960 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22474	2 Themerex, Wordpress	2 Equestrian Centre, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5.
CVE-2026-28020	2 Themerex, Wordpress	2 Chroma, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Chroma chroma allows PHP Local File Inclusion.This issue affects Chroma: from n/a through <= 1.11.
CVE-2026-22475	2 Axiomthemes, Wordpress	2 Estate, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.
CVE-2026-28009	2 Themerex, Wordpress	2 Dronex, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion.This issue affects DroneX: from n/a through <= 1.1.12.
CVE-2026-22501	2 Axiomthemes, Wordpress	2 Mounthood, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2.
CVE-2026-28013	2 Themerex, Wordpress	2 Kratz, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kratz kratz allows PHP Local File Inclusion.This issue affects Kratz: from n/a through <= 1.0.12.
CVE-2026-23798	2 Blubrry, Wordpress	2 Powerpress Podcasting, Wordpress	2026-04-22	8.8 High
Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.
CVE-2026-28019	2 Themerex, Wordpress	2 Manoir, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Manoir: from n/a through <= 1.11.
CVE-2026-27361	2 Webcodingplace, Wordpress	2 Responsive Posts Carousel Pro, Wordpress	2026-04-22	7.5 High
Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1.
CVE-2026-28011	2 Themerex, Wordpress	2 Yottis, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yottis yottis allows PHP Local File Inclusion.This issue affects Yottis: from n/a through <= 1.0.10.
CVE-2025-68555	2 Wordpress, Zozothemes	2 Wordpress, Nutrie	2026-04-22	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1.
CVE-2026-22425	2 Elated-themes, Wordpress	2 Sweet Jane, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Sweet Jane sweetjane allows PHP Local File Inclusion.This issue affects Sweet Jane: from n/a through <= 1.2.
CVE-2026-23801	2 Fuelthemes, Wordpress	2 The Issue, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through <= 1.6.11.
CVE-2026-28014	2 Themerex, Wordpress	2 Translogic, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Translogic translogic allows PHP Local File Inclusion.This issue affects Translogic: from n/a through <= 1.2.11.
CVE-2026-27986	2 Themerex, Wordpress	2 Ostende, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX OsTende ostende allows PHP Local File Inclusion.This issue affects OsTende: from n/a through <= 1.4.3.
CVE-2026-27375	2 Janstudio, Wordpress	2 Gecko, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.
CVE-2026-27341	2 Mikado-themes, Wordpress	2 Topscorer - Sports Wordpress Theme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through <= 1.2.
CVE-2026-22497	2 Ancorathemes, Wordpress	2 Jardi, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2.
CVE-2026-27337	2 Ancorathemes, Wordpress	2 Chronicle - Lifestyle Magazine & Blog Wordpress Theme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress Theme: from n/a through <= 1.0.
CVE-2025-68515	2 Roland Murg, Wordpress	2 Wp Booking System, Wordpress	2026-04-22	5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data.This issue affects WP Booking System: from n/a through <= 2.0.19.12.

« first previous Page 322 of 598. next last »