Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 10091 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10091 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25399	2 Cryoutcreations, Wordpress	2 Serious Slider, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: from n/a through <= 1.2.7.
CVE-2026-25402	2 Echoplugins, Wordpress	2 Knowledge Base For Documentation, Faqs With Ai Assistance, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through <= 16.011.0.
CVE-2026-25404	2 Automattic, Wordpress	2 Wp Job Manager, Wordpress	2026-02-20	N/A
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.0.
CVE-2026-25407	2 Cookiebot, Wordpress	2 Cookiebot, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.
CVE-2026-25408	2 Pluginrx, Wordpress	2 Broken Link Notifier, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifier: from n/a through <= 1.3.5.
CVE-2026-25409	2 Crgeary, Wordpress	2 Jamstack Deployments, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deployments: from n/a through <= 1.1.1.
CVE-2026-25410	2 Tstephenson, Wordpress	2 Wp-cors, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.
CVE-2026-25411	2 Themastercut, Wordpress	2 Revision Manager Tmc, Wordpress	2026-02-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery.This issue affects Revision Manager TMC: from n/a through <= 2.8.22.
CVE-2026-25415	2 Iqonicdesign, Wordpress	2 Wpbookit Pro, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through <= 1.6.18.
CVE-2026-25416	2 Blazethemes, Wordpress	2 News Kit Elementor Addons, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through <= 1.4.2.
CVE-2026-25418	2 Bitpressadmin, Wordpress	2 Bit Form, Wordpress	2026-02-20	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.21.10.
CVE-2026-25419	2 Flycart, Wordpress	2 Upsellwp, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.3.
CVE-2026-25422	2 Themes4wp, Wordpress	2 Popularis Extra, Wordpress	2026-02-20	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through <= 1.2.10.
CVE-2026-25423	2 Creativeinteractivemedia, Wordpress	2 Real3d Flipbook, Wordpress	2026-02-20	3.8 Low
Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3D FlipBook: from n/a through <= 4.16.4.
CVE-2026-25428	2 Total-soft, Wordpress	2 Ts Poll, Wordpress	2026-02-20	4.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.
CVE-2026-25432	2 Omnipressteam, Wordpress	2 Omnipress, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through <= 1.6.7.
CVE-2026-25441	2 Leadconnector, Wordpress	2 Leadconnector, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in LeadConnector LeadConnector leadconnector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LeadConnector: from n/a through <= 3.0.21.
CVE-2026-25459	2 Uixthemes, Wordpress	2 Sober, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in uixthemes Sober sober allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sober: from n/a through <= 3.5.12.
CVE-2026-25463	2 Wordpress, Wpestate	2 Wordpress, Wpresidence Core	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: from n/a through <= 5.4.0.
CVE-2026-25473	2 Aa-team, Wordpress	2 Wzone, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.

« first previous Page 6 of 505. next last »