Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 12046 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12046 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32419	2 Fernandobriano, Wordpress	2 List Category Posts, Wordpress	2026-04-22	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through <= 0.93.1.
CVE-2026-32377	2 Raratheme, Wordpress	2 Pranayama Yoga, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pranayama Yoga: from n/a through <= 1.2.2.
CVE-2026-32362	2 Activity-log.com, Wordpress	2 Wp Sessions Time Monitoring Full Automatic, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.1.3.
CVE-2026-32355	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2026-04-22	8.8 High
Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.
CVE-2026-32422	2 Levelfourdevelopment, Wordpress	2 Wp-easycart, Wordpress	2026-04-22	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
CVE-2026-32396	2 Radiustheme, Wordpress	2 Team, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.13.
CVE-2026-32348	2 Madrasthemes, Wordpress	2 Mas Videos, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3.2.
CVE-2026-32379	2 Raratheme, Wordpress	2 Rara Academic, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme Rara Academic rara-academic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rara Academic: from n/a through <= 1.2.2.
CVE-2026-31922	2 Ays-pro, Wordpress	2 Fox Lms, Wordpress	2026-04-22	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3.
CVE-2026-4063	2 Wordpress, Wpzoom	2 Wordpress, Social Icons Widget & Block – Social Media Icons & Share Buttons	2026-04-22	4.3 Medium
The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up to, and including, 4.5.8. This is due to the method performing wp_insert_post() and update_post_meta() calls to create a sharing configuration without verifying the current user has administrator-level capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the creation of a published wpzoom-sharing configuration post with default sharing button settings, which causes social sharing buttons to be automatically injected into all post content on the frontend via the the_content filter.
CVE-2026-32344	2 Desertthemes, Wordpress	2 Corpiva, Wordpress	2026-04-22	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in desertthemes Corpiva corpiva allows Cross Site Request Forgery.This issue affects Corpiva: from n/a through <= 1.0.96.
CVE-2026-32397	2 Wordpress, Ymc-22	2 Wordpress, Filter & Grids	2026-04-22	5.3 Medium
Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1.
CVE-2026-32404	2 Studio99, Wordpress	2 Studio99 Wp Monitor, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.
CVE-2026-32457	2 Wombat Plugins, Wordpress	2 Advanced Product Fields Product Addons For Woocommerce, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields (Product Addons) for WooCommerce: from n/a through <= 1.6.18.
CVE-2026-32335	2 Rarathemes, Wordpress	2 The Conference, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Conference: from n/a through <= 1.2.5.
CVE-2026-32334	2 Rarathemes, Wordpress	2 Jobscout, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in raratheme JobScout jobscout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobScout: from n/a through <= 1.1.7.
CVE-2026-32332	2 Ays-pro, Wordpress	2 Easy Form, Wordpress	2026-04-22	5.3 Medium
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.9.
CVE-2026-32424	2 Boldgrid, Wordpress	2 Sprout Clients, Wordpress	2026-04-22	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2.
CVE-2026-32458	2 Realmag777, Wordpress	2 Wolf, Wordpress	2026-04-22	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.
CVE-2026-32330	2 10web, Wordpress	2 Photo Gallery, Wordpress	2026-04-22	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.

« first previous Page 309 of 603. next last »