Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 11174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11174 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25343	2 Veronalabs, Wordpress	2 Wp Sms, Wordpress	2026-02-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.
CVE-2026-25330	2 Publishpress, Wordpress	2 Publishpress Authors, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.
CVE-2026-25326	2 Cmsmasters, Wordpress	2 Cmsmasters Content Composer, Wordpress	2026-02-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through <= 1.4.5.
CVE-2026-25324	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2026-02-20	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
CVE-2026-25322	2 Publishpress, Wordpress	2 Publishpress Revisions, Wordpress	2026-02-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7.22.
CVE-2026-25315	2 Hcaptcha, Wordpress	2 Hcaptcha For Wp, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.
CVE-2026-25313	2 Shahjahan Jewel, Wordpress	2 Fluentform, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.
CVE-2026-25307	2 8theme, Wordpress	2 Xstore Core, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.
CVE-2026-25008	2 Shahjahan Jewel, Wordpress	2 Ninja Tables, Wordpress	2026-02-20	4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.
CVE-2026-2384	2 Ays-pro, Wordpress	2 Quiz Maker, Wordpress	2026-02-20	6.4 Medium
The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This vulnerability requires WPBakery Page Builder to be installed and active
CVE-2026-27059	2 Pencidesign, Wordpress	2 Penci Recipe, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS.This issue affects Penci Recipe: from n/a through <= 4.1.
CVE-2026-27057	2 Pencidesign, Wordpress	2 Penci Filter Everything, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything penci-filter-everything allows Stored XSS.This issue affects Penci Filter Everything: from n/a through <= 1.7.
CVE-2026-25472	2 Themefusion, Wordpress	2 Fusion Builder, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Stored XSS.This issue affects Fusion Builder: from n/a through <= 3.14.3.
CVE-2026-25451	2 Bold-themes, Wordpress	2 Bold Page Builder, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through <= 5.6.4.
CVE-2026-25420	2 Mailerlite, Wordpress	2 Mailerlite, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: from n/a through <= 1.7.18.
CVE-2026-25388	2 Scripteo, Wordpress	2 Ads Pro, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.
CVE-2026-25364	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8.
CVE-2026-27094	2 Godaddy, Wordpress	2 Coblocks, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through <= 3.1.16.
CVE-2026-27069	2 Pencidesign, Wordpress	2 Soledad, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8.7.2.
CVE-2026-27328	2 Devsblink, Wordpress	2 Edublink, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through <= 2.0.7.

« first previous Page 56 of 559. next last »