Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 21483 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11973 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22370	2 Axiomthemes, Wordpress	2 Marveland, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affects Marveland: from n/a through <= 1.3.0.
CVE-2026-22372	2 Ancorathemes, Wordpress	2 Isida, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Isida: from n/a through <= 1.4.2.
CVE-2026-22373	2 Ancorathemes, Wordpress	2 Fooddy, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects Fooddy: from n/a through <= 1.3.10.
CVE-2026-22375	2 Ancorathemes, Wordpress	2 Impacto Patronus, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Impacto Patronus impacto-patronus allows PHP Local File Inclusion.This issue affects Impacto Patronus: from n/a through <= 1.2.3.
CVE-2026-22377	2 Ancorathemes, Wordpress	2 Saveo, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Saveo saveo allows PHP Local File Inclusion.This issue affects Saveo: from n/a through <= 1.1.2.
CVE-2026-22378	2 Ancorathemes, Wordpress	2 Blabber, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affects Blabber: from n/a through <= 1.7.0.
CVE-2026-22379	2 Ancorathemes, Wordpress	2 Netmix, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Netmix netmix allows PHP Local File Inclusion.This issue affects Netmix: from n/a through <= 1.0.10.
CVE-2026-22381	2 Mikado-themes, Wordpress	2 Pawfriends - Pet Shop And Veterinary Wordpress Theme, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows PHP Local File Inclusion.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3.
CVE-2026-22384	2 Leafcolor, Wordpress	2 Applay - Shortcodes, Wordpress	2026-04-16	8.8 High
Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7.
CVE-2026-24944	2 Wedevs, Wordpress	2 Subscribe2, Wordpress	2026-04-16	6.5 Medium
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.
CVE-2026-24956	2 Shahjada, Wordpress	2 Download Manager Addons For Elementor, Wordpress	2026-04-16	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection.This issue affects Download Manager Addons for Elementor: from n/a through <= 1.3.0.
CVE-2026-1369	2 Conditional Captcha, Wordpress	2 Conditional Captcha, Wordpress	2026-04-16	4.3 Medium
The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
CVE-2026-28083	2 Uxthemes, Wordpress	2 Flatsome, Wordpress	2026-04-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through <= 3.20.1.
CVE-2026-22389	2 Mikado-themes, Wordpress	2 Cocco, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 1.5.1.
CVE-2026-22390	2 Builderall, Wordpress	2 Builder For Wordpress, Wordpress	2026-04-16	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.
CVE-2026-22394	2 Mikado-themes, Wordpress	2 Evently, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Evently evently allows PHP Local File Inclusion.This issue affects Evently: from n/a through <= 1.7.
CVE-2026-22405	2 Mikado-themes, Wordpress	2 Overton, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Overton overton allows PHP Local File Inclusion.This issue affects Overton: from n/a through <= 1.3.
CVE-2026-22408	2 Mikado-themes, Wordpress	2 Justicia, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Justicia justicia allows PHP Local File Inclusion.This issue affects Justicia: from n/a through <= 1.2.
CVE-2026-22412	2 Mikado-themes, Wordpress	2 Eona, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Eona eona allows PHP Local File Inclusion.This issue affects Eona: from n/a through <= 1.3.
CVE-2026-22413	2 Mikado-themes, Wordpress	2 Malgré, Wordpress	2026-04-16	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Malgré malgre allows PHP Local File Inclusion.This issue affects Malgré: from n/a through <= 1.0.3.

« first previous Page 94 of 599. next last »