Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11934 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11934 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-28997	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword wp-autokeyword allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP AutoKeyword: from n/a through <= 1.0.
CVE-2025-28995	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.
CVE-2025-28994	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in viralloops Viral Loops WP Integration viral-loops-wp-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Loops WP Integration: from n/a through <= 3.8.1.
CVE-2025-28990	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky snsvicky allows PHP Local File Inclusion.This issue affects SNS Vicky: from n/a through <= 3.7.
CVE-2025-28989	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login read-more-login allows Stored XSS.This issue affects Read More Login: from n/a through <= 2.0.3.
CVE-2025-28988	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor front-editor allows Reflected XSS.This issue affects WP Front User Submit / Front Editor: from n/a through <= 4.9.3.
CVE-2025-28987	2 Pressforward, Wordpress	2 Pressforward, Wordpress	2026-04-23	6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery.This issue affects PressForward: from n/a through <= 5.9.5.
CVE-2025-28986	1 Wordpress	1 Wordpress	2026-04-23	8.2 High
Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin epicwin-subscribers allows SQL Injection.This issue affects Epicwin Plugin: from n/a through <= 1.5.
CVE-2025-28980	1 Wordpress	1 Wordpress	2026-04-23	7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2.
CVE-2025-28978	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hung Trang Si SB Breadcrumbs sb-breadcrumbs allows Reflected XSS.This issue affects SB Breadcrumbs: from n/a through <= 1.0.
CVE-2025-28975	2 Redqteam, Wordpress	2 Alike Wordpress Custom Post Comparison, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS.This issue affects Alike - WordPress Custom Post Comparison: from n/a through <= 3.0.1.
CVE-2025-28971	1 Wordpress	1 Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CWD Web Designer Easy Elements Hider easy-elements-hider allows Stored XSS.This issue affects Easy Elements Hider: from n/a through <= 2.0.
CVE-2025-28970	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through <= 5.1.6.
CVE-2025-28968	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac WP Wall wp-wall allows Reflected XSS.This issue affects WP Wall: from n/a through <= 1.7.3.
CVE-2025-28965	1 Wordpress	1 Wordpress	2026-04-23	8.6 High
Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects URL Shortener: from n/a through <= 3.0.7.
CVE-2025-28964	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon personal-favicon allows Stored XSS.This issue affects Personal Favicon: from n/a through <= 2.0.
CVE-2025-28963	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Server Side Request Forgery.This issue affects URL Shortener: from n/a through <= 3.0.7.
CVE-2025-28962	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics advanced-google-universal-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Universal Analytics: from n/a through <= 1.0.3.
CVE-2025-28961	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Object Injection.This issue affects URL Shortener: from n/a through <= 3.0.7.
CVE-2025-28960	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine evangtermine allows Reflected XSS.This issue affects Evangelische Termine: from n/a through <= 3.3.

« first previous Page 215 of 597. next last »