Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11174 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-32403	2 Toocheke, Wordpress	2 Toocheke Companion, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through <= 1.194.
CVE-2026-32404	2 Studio99, Wordpress	2 Studio99 Wp Monitor, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: from n/a through <= 1.0.3.
CVE-2026-32407	2 Wordpress, Wpclever	2 Wordpress, Wpc Smart Wishlist For Woocommerce	2026-03-16	4.3 Medium
Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.
CVE-2026-32409	2 Wordpress, Wpmu Dev - Your All-in-one Wordpress Platform	2 Wordpress, Forminator	2026-03-16	5.3 Medium
Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Forminator: from n/a through <= 1.50.2.
CVE-2026-32410	2 Woobewoo, Wordpress	2 Wbw Currency Switcher For Woocommerce, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in WBW Plugins WBW Currency Switcher for WooCommerce woo-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WBW Currency Switcher for WooCommerce: from n/a through <= 2.2.5.
CVE-2026-32411	2 Simpma, Wordpress	2 Embed Calendly, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendly: from n/a through <= 4.4.
CVE-2026-32412	2 Giftup, Wordpress	2 Gift Up Gift Cards For Wordpress And Woocommerce, Wordpress	2026-03-16	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through <= 3.1.7.
CVE-2026-32414	2 Illid, Wordpress	2 Advanced Woo Labels, Wordpress	2026-03-16	7.2 High
Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a through <= 2.36.
CVE-2026-32416	2 Bplugins, Wordpress	2 Pdf Poster, Wordpress	2026-03-16	5.4 Medium
Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.
CVE-2026-32417	2 Wordpress, Wppochipp	2 Wordpress, Pochipp	2026-03-16	5.4 Medium
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through < 1.18.9.
CVE-2026-32418	2 Jordy Meow, Wordpress	2 Meow Gallery, Wordpress	2026-03-16	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.
CVE-2026-32421	2 Agilelogix, Wordpress	2 Post Timeline, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1.
CVE-2026-32422	2 Levelfourdevelopment, Wordpress	2 Wp-easycart, Wordpress	2026-03-16	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
CVE-2026-32423	2 Bowo, Wordpress	2 Admin And Site Enhancements Ase, Wordpress	2026-03-16	5.4 Medium
Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.
CVE-2026-32424	2 Boldgrid, Wordpress	2 Sprout Clients, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n/a through <= 3.2.2.
CVE-2026-32425	2 Linknacional, Wordpress	2 Payment Gateway Pix For Givewp, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Pix For GiveWP: from n/a through <= 2.2.3.
CVE-2026-32426	2 Themelexus, Wordpress	2 Medilazar Core, Wordpress	2026-03-16	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through < 1.4.7.
CVE-2026-32428	2 Ays-pro, Wordpress	2 Popup Like Box, Wordpress	2026-03-16	5.3 Medium
Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through <= 3.7.7.
CVE-2026-32429	2 Noor Alam, Wordpress	2 Magical Addons For Elementor, Wordpress	2026-03-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through <= 1.4.1.
CVE-2026-32433	2 Codepeople, Wordpress	2 Cp Contact Form With Paypal, Wordpress	2026-03-16	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through <= 1.3.61.

« first previous Page 20 of 559. next last »