Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 18612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12271 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-22645	1 Wordpress	1 Wordpress	2026-04-29	5.3 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through <= 7.3.
CVE-2025-23432	1 Wordpress	1 Wordpress	2026-04-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report alt-report allows Reflected XSS.This issue affects AlT Report: from n/a through <= 1.12.0.
CVE-2025-22711	1 Wordpress	1 Wordpress	2026-04-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through <= 2.29.0.
CVE-2024-54279	1 Wordpress	1 Wordpress	2026-04-29	7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.This issue affects WP-NERD Toolkit: from n/a through <= 1.1.
CVE-2024-56000	1 Wordpress	1 Wordpress	2026-04-29	9.8 Critical
Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through < 5.4.0.
CVE-2024-49316	1 Wordpress	1 Wordpress	2026-04-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zodiac Akismet htaccess writer akismet-htaccess-writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through <= 1.0.1.
CVE-2024-49246	1 Wordpress	1 Wordpress	2026-04-29	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through <= 1.1.
CVE-2024-37927	2 Nootheme, Wordpress	2 Jobmonster, Wordpress	2026-04-29	9.8 Critical
Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through <= 4.7.5.
CVE-2023-49859	1 Wordpress	1 Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in Marcus (aka @msykes) Login With Ajax login-with-ajax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login With Ajax: from n/a through <= 4.1.
CVE-2023-49754	1 Wordpress	1 Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in Yogesh Pawar Bulk Edit Post Titles bulk-edit-post-titles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Edit Post Titles: from n/a through <= 5.0.0.
CVE-2023-49858	1 Wordpress	1 Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in Austin Custom Login custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through <= 4.1.0.
CVE-2023-48758	2 Crocoblock, Wordpress	2 Jetengine, Wordpress	2026-04-29	7.1 High
Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through <= 3.2.4.
CVE-2023-49167	1 Wordpress	1 Wordpress	2026-04-29	6.5 Medium
Missing Authorization vulnerability in code4life Database for CF7 database-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/a through <= 1.2.4.
CVE-2023-49849	1 Wordpress	1 Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in vaakash Shortcoder shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through <= 6.3.
CVE-2023-48277	1 Wordpress	1 Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Progressive Web Apps: from n/a through <= 2.2.21.
CVE-2023-49832	1 Wordpress	1 Wordpress	2026-04-29	5.3 Medium
Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through <= 6.10.2.
CVE-2023-49861	1 Wordpress	1 Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through <= 2.1.3.
CVE-2023-49756	2 Themewinter, Wordpress	2 Eventin, Wordpress	2026-04-29	5.4 Medium
Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through <= 3.3.52.
CVE-2023-49156	2 Godaddy, Wordpress	2 Godaddy Email Marketing, Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing godaddy-email-marketing-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDaddy Email Marketing: from n/a through <= 1.4.3.
CVE-2023-49758	1 Wordpress	1 Wordpress	2026-04-29	4.3 Medium
Missing Authorization vulnerability in Roland Murg WP Booking System wp-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: from n/a through <= 2.0.19.2.

« first previous Page 25 of 614. next last »