Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 12746 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12746 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64219	2 Strategy11, Wordpress	2 Business Directory Plugin - Easy Listing Directories, Wordpress	2026-04-15	4.3 Medium
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18.
CVE-2025-64218	2 Wordpress, Wpchill	2 Wordpress, Passster	2026-04-15	7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19.
CVE-2025-64216	2 Themesphere, Wordpress	2 Smartmag, Wordpress	2026-04-15	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from n/a through <= 10.3.0.
CVE-2025-64210	2 Stylemixthemes, Wordpress	2 Masterstudy Elementor Widgets, Wordpress	2026-04-15	5.4 Medium
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through <= 1.2.4.
CVE-2025-64208	2 Tielabs, Wordpress	2 Jannah, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah - Extensions: from n/a through <= 1.1.4.
CVE-2025-64204	2 Themesphere, Wordpress	2 Smartmag, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through <= 10.3.1.
CVE-2025-64202	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.
CVE-2025-66090	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar skt-skill-bar allows DOM-Based XSS.This issue affects SKT Skill Bar: from n/a through <= 2.5.
CVE-2025-66091	2 Design, Wordpress	2 Stylish Cost Calculator, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows DOM-Based XSS.This issue affects Stylish Cost Calculator: from n/a through <= 8.1.5.
CVE-2025-66092	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS.This issue affects Accordion Slider: from n/a through <= 1.9.13.
CVE-2025-66093	2 Hupe13, Wordpress	2 Extensions For Leaflet Map, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 4.8.
CVE-2025-64200	3 Villatheme, Woocommerce, Wordpress	3 Woocommerce Email Template Customizer, Woocommerce, Wordpress	2026-04-15	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17.
CVE-2025-64197	2 Sizam Design, Wordpress	2 Rehub, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS.This issue affects Rehub: from n/a through < 19.9.9.1.
CVE-2025-64195	2 Thimpress, Wordpress	2 Eduma, Wordpress	2026-04-15	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion.This issue affects Eduma: from n/a through <= 5.7.6.
CVE-2025-66098	1 Wordpress	1 Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Camille V Travelers' Map travelers-map allows Stored XSS.This issue affects Travelers' Map: from n/a through <= 2.3.2.
CVE-2025-66099	1 Wordpress	1 Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3.
CVE-2025-64194	2 Thimpress, Wordpress	2 Eduma, Wordpress	2026-04-15	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS.This issue affects Eduma: from n/a through <= 5.7.6.
CVE-2025-66102	1 Wordpress	1 Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7.
CVE-2025-64198	2 Appscreo, Wordpress	2 Easy Social Share Buttons, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in appscreo Easy Social Share Buttons easy-social-share-buttons3 allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through < 10.7.1.
CVE-2025-66107	2 Scott Paterson, Wordpress	2 Subscriptions & Memberships For Paypal, Wordpress	2026-04-15	5.3 Medium
Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7.

« first previous Page 539 of 638. next last »