Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 12044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12044 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22439	2 Ancorathemes, Wordpress	2 Green Planet, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion.This issue affects Green Planet: from n/a through <= 1.1.14.
CVE-2026-22440	2 Foreverpinetree, Wordpress	2 Thecs, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thecs thecs allows Reflected XSS.This issue affects Thecs: from n/a through <= 1.4.7.
CVE-2026-22449	2 Select-themes, Wordpress	2 Don Peppe, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Don Peppe donpeppe allows PHP Local File Inclusion.This issue affects Don Peppe: from n/a through <= 1.3.
CVE-2026-22465	2 Seventhqueen, Wordpress	2 Buddyapp, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen BuddyApp buddyapp allows Reflected XSS.This issue affects BuddyApp: from n/a through <= 1.9.2.
CVE-2026-22474	2 Themerex, Wordpress	2 Equestrian Centre, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5.
CVE-2026-22475	2 Axiomthemes, Wordpress	2 Estate, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.
CVE-2026-27097	2 Ancorathemes, Wordpress	2 Casamia \| Property Rental Real Estate Wordpress Theme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia \| Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia \| Property Rental Real Estate WordPress Theme: from n/a through <= 1.1.2.
CVE-2026-27339	2 Ancorathemes, Wordpress	2 Buzz Stone \| Magazine & Viral Blog Wordpress Theme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone \| Magazine & Viral Blog WordPress Theme buzzstone allows PHP Local File Inclusion.This issue affects Buzz Stone \| Magazine & Viral Blog WordPress Theme: from n/a through <= 1.0.2.
CVE-2026-27340	2 Ancorathemes, Wordpress	2 Apollo \| Night Club, Dj Event Wordpress Theme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Apollo \| Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects Apollo \| Night Club, DJ Event WordPress Theme: from n/a through <= 1.3.1.
CVE-2026-27341	2 Mikado-themes, Wordpress	2 Topscorer - Sports Wordpress Theme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through <= 1.2.
CVE-2026-27363	2 Kamleshyadav, Wordpress	2 Wp Bakery Autoresponder Addon, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6.
CVE-2026-27374	2 Vanquish, Wordpress	2 Woocommerce Order Details, Wordpress	2026-04-22	7.5 High
Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Order Details: from n/a through <= 3.1.
CVE-2026-27375	2 Janstudio, Wordpress	2 Gecko, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.
CVE-2026-27384	2 Boldgrid, Wordpress	2 W3 Total Cache, Wordpress	2026-04-22	9 Critical
Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.
CVE-2026-27385	2 Designthemes, Wordpress	2 Designthemes Portfolio, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affects DesignThemes Portfolio: from n/a through <= 1.3.
CVE-2026-27388	2 Designthemes, Wordpress	2 Designthemes Booking Manager, Wordpress	2026-04-22	7.5 High
Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Booking Manager: from n/a through <= 2.0.
CVE-2026-27390	2 Designthemes, Wordpress	2 Wedesigntech Ultimate Booking Addon, Wordpress	2026-04-22	8.8 High
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1.
CVE-2026-27437	2 Themerex, Wordpress	2 Tennis Club, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3.
CVE-2026-27983	2 Designthemes, Wordpress	2 Lms Elementor Pro, Wordpress	2026-04-22	9.8 Critical
Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4.
CVE-2026-27987	2 Themerex, Wordpress	2 The Qlean, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects The Qlean: from n/a through <= 2.12.

« first previous Page 320 of 603. next last »