Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11973 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-32247	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator ai-content-creator allows Cross Site Request Forgery.This issue affects AI Content Creator: from n/a through <= 1.2.6.
CVE-2025-32246	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database 1-click-backup-restore-database-by-sunbytes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1-Click Backup & Restore Database: from n/a through <= 1.0.3.
CVE-2025-32240	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in wpvsingh Site Notify site-notify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Notify: from n/a through <= 1.0.
CVE-2025-32232	2 Era404, Wordpress	2 Stafflist, Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaffList: from n/a through <= 3.2.7.
CVE-2025-32230	2 Themeum, Wordpress	2 Tutor Lms, Wordpress	2026-04-23	4.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through <= 3.4.0.
CVE-2025-32226	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Anzar Ahmed Display product variations dropdown on shop page display-product-variations-dropdown-on-shop-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display product variations dropdown on shop page: from n/a through <= 1.1.3.
CVE-2025-32224	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in Shivam Mani Tripathi Privyr CRM Integration privy-crm-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Privyr CRM Integration: from n/a through <= 1.0.2.
CVE-2025-32222	1 Wordpress	1 Wordpress	2026-04-23	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Widgetlogic.org Widget Logic widget-logic allows Code Injection.This issue affects Widget Logic: from n/a through <= 6.0.5.
CVE-2025-32221	2 Spider-themes, Wordpress	2 Eazydocs, Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in Spider Themes EazyDocs eazydocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through <= 2.7.1.
CVE-2025-32213	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through <= 1.0.43.
CVE-2025-32212	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in Specia Theme Specia Companion specia-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Specia Companion: from n/a through <= 6.3.
CVE-2025-32204	2 Rocketelements, Wordpress	2 Split Test For Elementor, Wordpress	2026-04-23	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rocketelements Split Test For Elementor split-test-for-elementor allows SQL Injection.This issue affects Split Test For Elementor: from n/a through <= 1.8.3.
CVE-2025-32203	1 Wordpress	1 Wordpress	2026-04-23	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in manu225 Falling things falling-things allows SQL Injection.This issue affects Falling things: from n/a through <= 1.08.
CVE-2025-32201	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Xpro Xpro Theme Builder xpro-theme-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xpro Theme Builder: from n/a through <= 1.2.8.4.
CVE-2025-32196	2 Blazethemes, Wordpress	2 News Kit Elementor Addons, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
CVE-2025-32193	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMinds Simple WP Events simple-wp-events allows Stored XSS.This issue affects Simple WP Events: from n/a through <= 1.8.17.
CVE-2025-32179	2 Icopydoc, Wordpress	2 Maps For Wp, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Maps for WP maps-for-wp allows Stored XSS.This issue affects Maps for WP: from n/a through <= 1.2.4.
CVE-2025-32178	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 6Storage Rentals: from n/a through <= 2.22.0.
CVE-2025-32177	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pgn4web Embed Chessboard embed-chessboard allows Stored XSS.This issue affects Embed Chessboard: from n/a through <= 3.08.00.
CVE-2025-32174	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tockify Tockify Events Calendar tockify-events-calendar allows DOM-Based XSS.This issue affects Tockify Events Calendar: from n/a through <= 2.2.13.

« first previous Page 158 of 599. next last »