Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11922 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25401	2 Arni Cinco, Wordpress	2 Wpcargo Track & Trace, Wordpress	2026-03-30	7.5 High
Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2.
CVE-2026-25400	2 Thememount, Wordpress	2 Apicona, Wordpress	2026-03-30	8.8 High
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0.
CVE-2026-25383	2 Iqonic, Wordpress	2 Kivicare, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through <= 3.6.16.
CVE-2026-25382	2 Jwsthemes, Wordpress	2 Idealauto, Wordpress	2026-03-30	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through < 3.8.6.
CVE-2026-25361	2 Magepeopleteam, Wordpress	2 Wpevently, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam WpEvently mage-eventpress allows Reflected XSS.This issue affects WpEvently: from n/a through <= 5.1.4.
CVE-2026-25360	2 Rascals, Wordpress	2 Vex, Wordpress	2026-03-30	8.8 High
Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9.
CVE-2026-25365	2 Wordpress, Özgür Karalar	2 Wordpress, Kargo Takip	2026-03-30	6.5 Medium
Missing Authorization vulnerability in Özgür KARALAR Kargo Takip kargo-takip-turkiye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kargo Takip: from n/a through < 0.2.4.
CVE-2026-25359	2 Rascals, Wordpress	2 Pendulum, Wordpress	2026-03-30	8.8 High
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5.
CVE-2026-25358	2 Rascals, Wordpress	2 Meloo, Wordpress	2026-03-30	8.8 High
Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2.
CVE-2026-25356	2 Skygroup, Wordpress	2 Yobazar, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.7.
CVE-2026-25355	2 Skygroup, Wordpress	2 Sanzo, Wordpress	2026-03-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3.
CVE-2026-25354	2 Skygroup, Wordpress	2 Reebox, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through < 1.4.8.
CVE-2026-25342	2 Kutethemes, Wordpress	2 Boutique, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a through < 2.4.6.
CVE-2026-25341	2 Rsjoomla, Wordpress	2 Rsfirewall!, Wordpress	2026-03-30	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45.
CVE-2026-25340	2 Nootheme, Wordpress	2 Jobmonster, Wordpress	2026-03-30	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through < 4.8.4.
CVE-2026-25339	2 Syed Balkhi, Wordpress	2 Contact Form By Wpforms, Wordpress	2026-03-30	6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms: from n/a through <= 1.9.8.7.
CVE-2026-25328	2 Add-ons.org, Wordpress	2 Product File Upload For Woocommerce, Wordpress	2026-03-30	6.8 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal.This issue affects Product File Upload for WooCommerce: from n/a through <= 2.2.4.
CVE-2026-25327	2 Rustaurius, Wordpress	2 Five Star Restaurant Reservations, Wordpress	2026-03-30	6.5 Medium
Missing Authorization vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through <= 2.7.9.
CVE-2026-25317	2 Tychesoftwares, Wordpress	2 Print Invoice & Delivery Notes For Woocommerce, Wordpress	2026-03-30	7.5 High
Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through <= 5.9.0.
CVE-2026-25032	2 Park Of Ideas, Wordpress	2 Ricky, Wordpress	2026-03-30	9.8 Critical
Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection.This issue affects Ricky: from n/a through < 2.31.

« first previous Page 509 of 597. next last »