Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 12046 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12046 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32332	2 Ays-pro, Wordpress	2 Easy Form, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9.
CVE-2026-32445	2 Elementor, Wordpress	2 Elementor Website Builder, Wordpress	2026-04-22	2.7 Low
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
CVE-2026-32334	2 Rarathemes, Wordpress	2 Jobscout, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7.
CVE-2026-32335	2 Rarathemes, Wordpress	2 The Conference, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5.
CVE-2026-32358	2 Wordpress, Wpdevelop	2 Wordpress, Booking Calendar	2026-04-22	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.
CVE-2026-32360	2 Richplugins, Wordpress	2 Rich Showcase For Google Reviews, Wordpress	2026-04-22	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.
CVE-2026-32362	2 Activity-log.com, Wordpress	2 Wp Sessions Time Monitoring Full Automatic, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.
CVE-2026-32363	2 Funlus Oy, Wordpress	2 Wplifecycle, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a through <= 3.3.1.
CVE-2026-32365	2 Robfelty, Wordpress	2 Collapsing Archives, Wordpress	2026-04-22	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through <= 3.0.7.
CVE-2026-32408	2 Themefusecom, Wordpress	2 Brizy, Wordpress	2026-04-22	4.3 Medium
Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23.
CVE-2026-32387	2 Noorsplugin, Wordpress	2 Checkout For Paypal, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Noor Alam Checkout for PayPal checkout-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout for PayPal: from n/a through <= 1.0.46.
CVE-2026-32390	2 Linethemes, Wordpress	2 Nanosoft, Wordpress	2026-04-22	5.4 Medium
Missing Authorization vulnerability in linethemes Nanosoft nanosoft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nanosoft: from n/a through < 1.3.2.
CVE-2026-32447	2 Vito Peleg, Wordpress	2 Atarim, Wordpress	2026-04-22	4.3 Medium
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.
CVE-2026-32406	2 Wordpress, Wpclever	2 Wordpress, Wpc Product Bundles For Woocommerce	2026-04-22	4.3 Medium
Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5.
CVE-2026-32449	2 Themifyme, Wordpress	2 Themify Event Post, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event Post: from n/a through <= 1.3.4.
CVE-2026-32486	2 Wordpress, Wptravelengine	2 Wordpress, Travel Booking	2026-04-22	5.3 Medium
Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through <= 1.3.9.
CVE-2026-32394	2 Publishpress, Wordpress	2 Publishpress Capabilities, Wordpress	2026-04-22	4.3 Medium
Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Capabilities: from n/a through <= 2.31.0.
CVE-2026-32396	2 Radiustheme, Wordpress	2 Team, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.
CVE-2026-32487	2 Rarathemes, Wordpress	2 Lawyer Landing Page, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through <= 1.2.7.
CVE-2026-32415	2 Bogdan Bendziukov, Wordpress	2 Squeeze, Wordpress	2026-04-22	5 Medium
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.

« first previous Page 309 of 603. next last »