Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 12199 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12199 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-67623	1 Wordpress	1 Wordpress	2026-04-27	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.22.0.
CVE-2025-60052	1 Wordpress	1 Wordpress	2026-04-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes W&D wd allows PHP Local File Inclusion.This issue affects W&D: from n/a through <= 1.0.
CVE-2025-60054	1 Wordpress	1 Wordpress	2026-04-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes OnLeash onleash allows PHP Local File Inclusion.This issue affects OnLeash: from n/a through <= 1.5.2.
CVE-2025-60076	2 Jbhovik, Wordpress	2 Ray Enterprise Translation, Wordpress	2026-04-27	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1.
CVE-2025-62053	2 Favethemes, Wordpress	2 Houzez, Wordpress	2026-04-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez.This issue affects Houzez: from n/a through < 4.2.0.
CVE-2025-62062	1 Wordpress	1 Wordpress	2026-04-27	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data.This issue affects Easy Post Submission: from n/a through <= 1.7.0.
CVE-2025-62066	1 Wordpress	1 Wordpress	2026-04-27	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution.This issue affects Revolution: from n/a through < 2.5.8.
CVE-2025-62067	1 Wordpress	1 Wordpress	2026-04-27	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through <= 2.5.
CVE-2025-62106	2 Mario Peshev, Wordpress	2 Wp-crm-system, Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.
CVE-2025-62889	3 Elementor, Kingaddons, Wordpress	3 Elementor, King Addons For Elementor, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects King Addons for Elementor: from n/a through <= 51.1.61.
CVE-2025-62890	2 Premmerce, Wordpress	2 Brands For Woocommerce, Wordpress	2026-04-27	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery.This issue affects Premmerce Brands for WooCommerce: from n/a through <= 1.2.13.
CVE-2025-62891	1 Wordpress	1 Wordpress	2026-04-27	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Cross Site Request Forgery.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <= 0.5.8.5.
CVE-2025-62892	2 Sunshinephotocart, Wordpress	2 Sunshine Photo Cart, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3.
CVE-2025-62896	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5.
CVE-2025-62918	1 Wordpress	1 Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IgnitionDeck: from n/a through <= 2.0.15.
CVE-2025-62919	1 Wordpress	1 Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.3.
CVE-2025-62922	1 Wordpress	1 Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export Categories: from n/a through <= 1.0.
CVE-2025-67582	1 Wordpress	1 Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through <= 2.1.1.
CVE-2025-67566	2 Wofficeio, Wordpress	2 Woffice Core, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.
CVE-2025-67535	2 Weplugins, Wordpress	2 Wp Maps, Wordpress	2026-04-27	6.6 Medium
Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6.

« first previous Page 77 of 610. next last »