Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 346989 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11920 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-30634	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IWEBIX WP Featured Content Slider wp-featured-content-slider allows Stored XSS.This issue affects WP Featured Content Slider: from n/a through <= 2.6.
CVE-2025-30633	1 Wordpress	1 Wordpress	2026-04-23	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations woozone-contextual allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through <= 1.3.
CVE-2025-30632	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator global-translator allows Cross Site Request Forgery.This issue affects Global Translator: from n/a through <= 2.0.2.
CVE-2025-30631	3 Aa-team, Woocommerce, Wordpress	4 Amazon Affiliates Addon For Wpbakery Page Builder, Woocommerce Sales Funnel Builder, Woocommerce and 1 more	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) azon-addon-js-composer allows Reflected XSS.This issue affects Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer): from n/a through <= 1.2.
CVE-2025-30630	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pozzad Global Translator global-translator allows Stored XSS.This issue affects Global Translator: from n/a through <= 2.0.2.
CVE-2025-30628	2 Aa-team, Wordpress	2 Amazon Affiliates Addon For Wpbakery Page Builder, Wordpress	2026-04-23	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) azon-addon-js-composer allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer): from n/a through <= 1.2.
CVE-2025-30627	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regolithsjk Elegant Visitor Counter elegant-visitor-counter allows Stored XSS.This issue affects Elegant Visitor Counter: from n/a through <= 3.1.
CVE-2025-30626	3 Lambertgroup, Wordpress, Wpbakery	4 Multimedia Playlist Slider Addon For Wpbakery Page Builder, Wordpress, Page Builder and 1 more	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS.This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through <= 2.1.
CVE-2025-30623	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry wA11y – The Web Accessibility Toolbox wa11y allows Stored XSS.This issue affects wA11y – The Web Accessibility Toolbox: from n/a through <= 1.0.3.
CVE-2025-30621	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator translator allows Stored XSS.This issue affects Translator: from n/a through <= 0.3.
CVE-2025-30619	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in SpeakPipe SpeakPipe speakpipe-voicemail-for-websites allows Cross Site Request Forgery.This issue affects SpeakPipe: from n/a through <= 0.2.
CVE-2025-30617	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite rewrite allows Cross Site Request Forgery.This issue affects Rewrite: from n/a through <= 0.2.1.
CVE-2025-30616	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Wood Latest Custom Post Type Updates latest-custom-post-type-updates allows Reflected XSS.This issue affects Latest Custom Post Type Updates: from n/a through <= 1.3.0.
CVE-2025-30612	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words replace-default-words allows Stored XSS.This issue affects Replace Default Words: from n/a through <= 1.3.
CVE-2025-30611	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wptobe Wptobe-signinup wptobe-signinup allows Reflected XSS.This issue affects Wptobe-signinup: from n/a through <= 1.1.2.
CVE-2025-30610	2 Catchsquare, Wordpress	2 Wp Social Widget, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.2.7.
CVE-2025-30607	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Name.ly Quick Localization quick-localization allows Reflected XSS.This issue affects Quick Localization: from n/a through <= 0.1.0.
CVE-2025-30606	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Logan Carlile Easy Page Transition easy-page-transition allows Stored XSS.This issue affects Easy Page Transition: from n/a through <= 1.0.1.
CVE-2025-30605	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in ldwin79 sourceplay-navermap sourceplay-navermap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects sourceplay-navermap: from n/a through <= 0.0.2.
CVE-2025-30602	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alphasis Related Posts via Categories related-posts-via-categories allows Stored XSS.This issue affects Related Posts via Categories: from n/a through <= 2.1.2.

« first previous Page 178 of 596. next last »