Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12767 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22457	2 Mikado-themes, Wordpress	2 Wanderland, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.5.
CVE-2026-22501	2 Axiomthemes, Wordpress	2 Mounthood, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2.
CVE-2026-22456	2 Elated-themes, Wordpress	2 Askka, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Askka askka allows PHP Local File Inclusion.This issue affects Askka: from n/a through <= 1.0.
CVE-2026-22418	2 Ancorathemes, Wordpress	2 Great Lotus, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Great Lotus great-lotus allows PHP Local File Inclusion.This issue affects Great Lotus: from n/a through <= 1.3.1.
CVE-2026-23798	2 Blubrry, Wordpress	2 Powerpress Podcasting, Wordpress	2026-04-22	8.8 High
Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.
CVE-2026-22478	2 Elated Themes, Wordpress	2 Findall, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion.This issue affects FindAll: from n/a through <= 1.4.
CVE-2026-22477	2 Ancorathemes, Wordpress	2 Felizia, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affects Felizia: from n/a through <= 1.3.4.
CVE-2026-22476	2 Elated-themes, Wordpress	2 Etchy, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Etchy etchy allows PHP Local File Inclusion.This issue affects Etchy: from n/a through <= 1.0.
CVE-2026-22475	2 Axiomthemes, Wordpress	2 Estate, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.
CVE-2026-22474	2 Themerex, Wordpress	2 Equestrian Centre, Wordpress	2026-04-22	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5.
CVE-2026-22473	2 Designthemes, Wordpress	2 Dental Clinic, Wordpress	2026-04-22	8.8 High
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7.
CVE-2026-22467	2 Mwtemplates, Wordpress	2 Deepdigital, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS.This issue affects DeepDigital: from n/a through <= 1.0.2.
CVE-2026-22465	2 Seventhqueen, Wordpress	2 Buddyapp, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen BuddyApp buddyapp allows Reflected XSS.This issue affects BuddyApp: from n/a through <= 1.9.2.
CVE-2026-22455	2 Foreverpinetree, Wordpress	2 Thebe, Wordpress	2026-04-22	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thebe thebe allows Reflected XSS.This issue affects Thebe: from n/a through <= 1.3.0.
CVE-2026-22441	2 Elated-themes, Wordpress	2 Zentrum, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Zentrum zentrum allows PHP Local File Inclusion.This issue affects Zentrum: from n/a through <= 1.0.
CVE-2026-22437	2 Ancorathemes, Wordpress	2 Playa, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Playa playa allows PHP Local File Inclusion.This issue affects Playa: from n/a through <= 1.3.9.
CVE-2026-22436	2 Elated-themes, Wordpress	2 Helvig, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion.This issue affects Helvig: from n/a through <= 1.0.
CVE-2026-22435	2 Ancorathemes, Wordpress	2 Electroserv, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ElectroServ electroserv allows PHP Local File Inclusion.This issue affects ElectroServ: from n/a through <= 1.3.2.
CVE-2026-22434	2 Ancorathemes, Wordpress	2 Crown Art, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Crown Art crown-art allows PHP Local File Inclusion.This issue affects Crown Art: from n/a through <= 1.2.11.
CVE-2026-22433	2 Ancorathemes, Wordpress	2 Cloudme, Wordpress	2026-04-22	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CloudMe cloudme allows PHP Local File Inclusion.This issue affects CloudMe: from n/a through <= 1.2.2.

« first previous Page 373 of 639. next last »