Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6177 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-57937	2 Etruel, Wordpress	2 Wpematico Rss Feed Fetcher, Wordpress	2025-09-23	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10.
CVE-2025-57936	2 Meitar, Wordpress	2 Subresource Integrity Manager, Wordpress	2025-09-23	4.3 Medium
Missing Authorization vulnerability in Meitar Subresource Integrity (SRI) Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subresource Integrity (SRI) Manager: from n/a through 0.4.0.
CVE-2025-57935	1 Wordpress	1 Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics allows Stored XSS. This issue affects Bot Block – Stop Spam Referrals in Google Analytics: from n/a through 2.6.
CVE-2025-57934	2 Lws, Wordpress	2 Affiliation, Wordpress	2025-09-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Aurélien LWS LWS Affiliation allows Cross Site Request Forgery. This issue affects LWS Affiliation: from n/a through 2.3.6.
CVE-2025-57933	2 Piotnet, Wordpress	2 Piotnet Forms, Wordpress	2025-09-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in piotnetdotcom Piotnet Forms allows Cross Site Request Forgery. This issue affects Piotnet Forms: from n/a through 1.0.30.
CVE-2025-57932	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Diego Pereira PowerFolio allows Stored XSS. This issue affects PowerFolio: from n/a through 3.2.1.
CVE-2025-57930	1 Wordpress	1 Wordpress	2025-09-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in kanwei_doublethedonation Double the Donation allows Cross Site Request Forgery. This issue affects Double the Donation: from n/a through 2.0.0.
CVE-2025-57905	3 Amin, Woocommerce, Wordpress	3 Agreeme Checkboxes, Woocommerce, Wordpress	2025-09-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce allows Cross Site Request Forgery. This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through 1.1.3.
CVE-2025-57904	3 Woocommerce, Wordpress, Wp-experts	3 Woocommerce, Wordpress, Sales Count Manager	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce allows Stored XSS. This issue affects Sales Count Manager for WooCommerce: from n/a through 2.5.
CVE-2025-53451	2 Mihdan, Wordpress	2 No External Links Project, Wordpress	2025-09-23	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan: No External Links allows Cross Site Request Forgery. This issue affects Mihdan: No External Links: from n/a through 5.1.4.
CVE-2025-53452	2 Barry, Wordpress	2 Event Rocket, Wordpress	2025-09-23	4.3 Medium
Missing Authorization vulnerability in Barry Event Rocket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Rocket: from n/a through 3.3.
CVE-2025-59590	2 Davidlingren, Wordpress	2 Media Library Assistant, Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.28.
CVE-2025-59589	2 Pencidesign, Wordpress	2 Soledad, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through 8.6.8.
CVE-2025-59587	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance allows DOM-Based XSS. This issue affects Penci Shortcodes & Performance: from n/a through n/a.
CVE-2025-59586	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Portfolio allows DOM-Based XSS. This issue affects Penci Portfolio: from n/a through 3.5.
CVE-2025-59581	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Missing Authorization vulnerability in VW THEMES Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ibtana: from n/a through 1.2.5.3.
CVE-2025-59577	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-09-23	4.3 Medium
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20.
CVE-2025-59576	2 Stylemixthemes, Wordpress	2 Masterstudy Lms, Wordpress	2025-09-23	6.5 Medium
Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.6.20.
CVE-2025-59574	2 Wordpress, Wptravelengine	2 Wordpress, Wp Travel Engine	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel Engine WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from n/a through 1.4.2.
CVE-2025-59569	2 Cubewp, Wordpress	2 Cubewp, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP allows Stored XSS. This issue affects CubeWP: from n/a through 1.1.26.

« first previous Page 18 of 309. next last »