Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 346973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11920 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-30860	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows DOM-Based XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <= 0.5.8.2.
CVE-2025-30850	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sfaerber Dr. Flex dr-flex allows Stored XSS.This issue affects Dr. Flex: from n/a through <= 2.0.0.
CVE-2025-30845	2 Webangon, Wordpress	2 The Pack Elementor Addons, Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through <= 2.1.1.
CVE-2025-30843	1 Wordpress	1 Wordpress	2026-04-23	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in setriosoft bizcalendar-web bizcalendar-web allows SQL Injection.This issue affects bizcalendar-web: from n/a through <= 1.1.0.34.
CVE-2025-30842	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in pixolette Christmas Panda christmas-panda allows Cross Site Request Forgery.This issue affects Christmas Panda: from n/a through <= 1.0.4.
CVE-2025-30838	2 Cozythemes, Wordpress	2 Cozy Blocks, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CozyThemes Cozy Blocks cozy-addons allows Stored XSS.This issue affects Cozy Blocks: from n/a through <= 2.1.6.
CVE-2025-30836	2 Latepoint, Wordpress	2 Latepoint, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint latepoint allows Stored XSS.This issue affects LatePoint: from n/a through <= 5.1.6.
CVE-2025-30830	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Hossni Mubarak Cool Author Box hm-cool-author-box-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cool Author Box: from n/a through <= 2.9.9.
CVE-2025-30829	2 Themewinter, Wordpress	2 Wpcafe, Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through <= 2.2.31.
CVE-2025-30828	2 Arraytics, Wordpress	2 Timetics, Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.29.
CVE-2025-30826	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy IP Locator ip-locator allows DOM-Based XSS.This issue affects IP Locator: from n/a through <= 4.1.0.
CVE-2025-30823	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Boone Gorges Anthologize anthologize allows Cross Site Request Forgery.This issue affects Anthologize: from n/a through <= 0.8.2.
CVE-2025-30821	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in otacke SNORDIAN's H5PxAPIkatchu h5pxapikatchu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SNORDIAN's H5PxAPIkatchu: from n/a through <= 0.4.14.
CVE-2025-30818	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mlaza jAlbum Bridge jalbum-bridge allows DOM-Based XSS.This issue affects jAlbum Bridge: from n/a through <= 2.0.17.
CVE-2025-30817	2 Wordpress, Wpzita	2 Wordpress, Z Companion	2026-04-23	5.4 Medium
Missing Authorization vulnerability in wpzita Z Companion z-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Z Companion: from n/a through <= 1.0.13.
CVE-2025-30815	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Cross Site Request Forgery.This issue affects Hesabfa Accounting: from n/a through <= 2.1.8.
CVE-2025-30814	2 Radiustheme, Wordpress	2 The Post Grid, Wordpress	2026-04-23	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme The Post Grid the-post-grid allows PHP Local File Inclusion.This issue affects The Post Grid: from n/a through <= 7.7.17.
CVE-2025-30813	2 Listamester, Wordpress	2 Listamester, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in listamester Listamester listamester allows Stored XSS.This issue affects Listamester: from n/a through <= 2.3.5.
CVE-2025-30811	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify validar-certificados-de-cursos allows Cross Site Request Forgery.This issue affects ValidateCertify: from n/a through <= 1.6.1.
CVE-2025-30809	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in Shahjada Live Forms liveforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Forms: from n/a through <= 4.8.4.

« first previous Page 176 of 596. next last »