Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 351444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12224 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12224 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-52735	2 Wordpress, Xlplugins	2 Wordpress, Nextmove	2026-04-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.24.0.
CVE-2025-52734	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through <= 1.2.1.
CVE-2025-23993	1 Wordpress	1 Wordpress	2026-04-27	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through <= 1.1.3.
CVE-2025-62965	2 Admin Management Xtended Project, Wordpress	2 Admin Management Xtended, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1.
CVE-2025-62956	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through <= 2.0.1.
CVE-2025-62954	2 Revive, Wordpress	2 Revive Old Posts, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a through <= 9.3.3.
CVE-2025-62952	2 Quantumcloud, Wordpress	2 Chatbot, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.7.3.
CVE-2025-62946	2 Everestthemes, Wordpress	2 Everest Backup, Wordpress	2026-04-27	5.3 Medium
Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a through <= 2.3.8.
CVE-2025-62945	2 Eduard Pinuaga Linares, Wordpress	2 Did Prestashop Display, Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <= 1.0.30.
CVE-2025-66136	2 Merkulove, Wordpress	2 Carter For Elementor, Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.
CVE-2025-62938	2 Reoon Technology, Wordpress	2 Reoon Email Verifier, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through <= 2.0.1.
CVE-2025-62935	3 Ilmosys, Woocommerce, Wordpress	3 Open Close Woocommerce Store, Woocommerce, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 5.0.0.
CVE-2025-62934	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business Hours wp-business-hours allows Stored XSS.This issue affects WP Business Hours: from n/a through <= 1.4.
CVE-2025-62933	1 Wordpress	1 Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.
CVE-2025-62932	1 Wordpress	1 Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Table Block by RioVizual: from n/a through <= 3.0.0.
CVE-2025-62931	1 Wordpress	1 Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in microsoftstart MSN Partner Hub microsoft-start allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSN Partner Hub: from n/a through <= 2.9.
CVE-2025-62929	2 Pluginops, Wordpress	2 Testimonial Slider, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.
CVE-2025-62928	1 Wordpress	1 Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through <= 1.2.0.
CVE-2025-62927	1 Wordpress	1 Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through <= 4.0.5.
CVE-2025-62925	2 Conversios, Wordpress	2 Conversios.io, Wordpress	2026-04-27	5.4 Medium
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.13.

« first previous Page 81 of 612. next last »