Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12197 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-33598	2 Twinpictures, Wordpress	2 Annual Archive, Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0.
CVE-2024-33573	1 Wordpress	1 Wordpress	2026-04-28	4.3 Medium
Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1.
CVE-2024-33548	2 Aa-team, Wordpress	2 Wzone, Wordpress	2026-04-28	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10.
CVE-2024-33546	2 Aa-team, Wordpress	2 Wzone, Wordpress	2026-04-28	9.6 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10.
CVE-2024-33544	2 Aa-team, Wordpress	2 Wzone, Wordpress	2026-04-28	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10.
CVE-2024-33537	2 Themehorse, Wordpress	2 Wp Portfolio, Wordpress	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS.This issue affects WP Portfolio: from n/a through 2.4.
CVE-2024-33538	1 Wordpress	1 Wordpress	2026-04-28	5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps.This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1.
CVE-2024-33540	1 Wordpress	1 Wordpress	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS.This issue affects ColorNews: from n/a through 1.2.6.
CVE-2024-32954	2 Tribulant, Wordpress	2 Newsletters, Wordpress	2026-04-28	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.
CVE-2024-32833	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Halsey List Custom Taxonomy Widget allows Stored XSS.This issue affects List Custom Taxonomy Widget: from n/a through 4.1.
CVE-2024-32951	1 Wordpress	1 Wordpress	2026-04-28	6.5 Medium
Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.
CVE-2024-32819	1 Wordpress	1 Wordpress	2026-04-28	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14.
CVE-2024-32831	1 Wordpress	1 Wordpress	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lorna Timbah (webgrrrl) Accessibility Widget allows Stored XSS.This issue affects Accessibility Widget: from n/a through 2.2.
CVE-2024-32828	1 Wordpress	1 Wordpress	2026-04-28	4.3 Medium
Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15.
CVE-2024-32784	1 Wordpress	1 Wordpress	2026-04-28	4.3 Medium
Missing Authorization vulnerability in CookieHub.This issue affects CookieHub: from n/a through 1.1.0.
CVE-2024-32728	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0.
CVE-2024-32724	1 Wordpress	1 Wordpress	2026-04-28	7.5 High
Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.
CVE-2024-32722	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5.
CVE-2024-32708	2 Helderk, Wordpress	2 Maintenance Mode, Wordpress	2026-04-28	3.7 Low
Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through 3.0.1.
CVE-2024-32688	1 Wordpress	1 Wordpress	2026-04-28	6.5 Medium
Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0.

« first previous Page 54 of 610. next last »