Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 13338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (13338 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62060	2 Themepoints, Wordpress	2 Tab Ultimate, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Tab Ultimate tabs-pro.This issue affects Tab Ultimate: from n/a through <= 1.8.
CVE-2025-48106	1 Wordpress	1 Wordpress	2026-04-15	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files.This issue affects Clanora: from n/a through < 1.3.1.
CVE-2025-62054	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-04-15	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through <= 4.1.8.
CVE-2025-62029	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themesion Grevo grevo.This issue affects Grevo: from n/a through <= 2.4.
CVE-2025-62007	1 Wordpress	1 Wordpress	2026-04-15	8.8 High
Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through <= 1.0.3.
CVE-2025-60246	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weissmike Simple Finance Calculator simple-finance-calculator allows Reflected XSS.This issue affects Simple Finance Calculator: from n/a through <= 1.0.
CVE-2025-60232	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5.
CVE-2025-60215	1 Wordpress	1 Wordpress	2026-04-15	8.8 High
Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4.
CVE-2025-60213	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through <= 1.5.13.
CVE-2025-60212	1 Wordpress	1 Wordpress	2026-04-15	8.8 High
Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through <= 4.2.
CVE-2025-60225	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.
CVE-2025-60211	3 Extendons, Woocommerce, Wordpress	3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress	2026-04-15	8.8 High
Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3.
CVE-2025-60224	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9.
CVE-2025-60209	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.6.
CVE-2025-60221	1 Wordpress	1 Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3.
CVE-2025-60208	1 Wordpress	1 Wordpress	2026-04-15	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through <= 2.0.9.
CVE-2025-60151	2 Crm Perks, Wordpress	2 Wp Gravity Forms Hubspot, Wordpress	2026-04-15	4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.5.
CVE-2025-5983	2 Msykes, Wordpress	2 Meta Tag Manager, Wordpress	2026-04-15	6.5 Medium
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags.
CVE-2025-59579	2 Presstigers, Wordpress	2 Simple Job Board, Wordpress	2026-04-15	7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in PressTigers Simple Job Board simple-job-board allows Retrieve Embedded Sensitive Data.This issue affects Simple Job Board: from n/a through <= 2.13.7.
CVE-2025-59578	1 Wordpress	1 Wordpress	2026-04-15	5.8 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through <= 4.5.6.

« first previous Page 593 of 667. next last »