Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 12818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12818 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-52759	2 Unboundstudio, Wordpress	2 Accordion Faq, Wordpress	2026-06-02	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1.
CVE-2025-52766	2 Printeers, Wordpress	2 Printeers Print & Ship, Wordpress	2026-06-02	6.5 Medium
Missing Authorization vulnerability in Printeers Printeers Print & Ship allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printeers Print & Ship: from n/a through 1.17.0.
CVE-2025-53209	2 Themeisle, Wordpress	2 Masteriyo Lms Pro, Wordpress	2026-06-02	9.8 Critical
Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.
CVE-2025-53302	2 Anton Shevchuk, Wordpress	2 Constructor, Wordpress	2026-06-02	5.3 Medium
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5.
CVE-2025-53345	2 Thimpress, Wordpress	2 Thim Core, Wordpress	2026-06-02	8.8 High
Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.
CVE-2025-53346	2 Thimpress, Wordpress	2 Thim Core, Wordpress	2026-06-02	4.3 Medium
Missing Authorization vulnerability in ThimPress Thim Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Core: from n/a through 2.3.3.
CVE-2025-53440	2 Axiomthemes, Wordpress	2 Confidant, Wordpress	2026-06-02	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4.
CVE-2025-58024	2 Unboundstudio, Wordpress	2 Accordion Faq, Wordpress	2026-06-02	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1.
CVE-2025-58705	2 Axiomthemes, Wordpress	2 Crafti, Wordpress	2026-06-02	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Crafti allows PHP Local File Inclusion. This issue affects Crafti: from n/a through 1.12.
CVE-2026-42670	2 Etoile Web Design Incorporated, Wordpress	2 Five Star Restaurant Reservations, Wordpress	2026-06-02	7.5 High
Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from n/a through 2.7.14.
CVE-2026-42684	2 Ahmad, Wordpress	2 Wp Job Portal, Wordpress	2026-06-02	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1.
CVE-2026-42685	2 Ahmad, Wordpress	2 Wp Job Portal, Wordpress	2026-06-02	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1.
CVE-2026-39550	2 Elated-themes, Wordpress	2 Aperitif, Wordpress	2026-06-02	8.1 High
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.
CVE-2026-39551	2 Elated-themes, Wordpress	2 Töbel, Wordpress	2026-06-02	8.1 High
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.
CVE-2026-39552	2 Code Supply Co., Wordpress	2 Blueprint, Wordpress	2026-06-02	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5.
CVE-2026-39553	2 Select-themes, Wordpress	2 Waveride, Wordpress	2026-06-02	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4.
CVE-2025-58707	2 Axiomthemes, Wordpress	2 Spin, Wordpress	2026-06-02	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8.
CVE-2025-58897	2 Axiomthemes, Wordpress	2 Fermentio, Wordpress	2026-06-02	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0.
CVE-2025-69369	2 Axiomthemes, Wordpress	2 Racquet, Wordpress	2026-06-02	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0.
CVE-2025-68886	2 Androthemes, Wordpress	2 Cookiteer, Wordpress	2026-06-02	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8.

« first previous Page 9 of 641. next last »