Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11802 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-23799	2 Themeum, Wordpress	2 Tutor Lms, Wordpress	2026-04-16	6.5 Medium
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.
CVE-2026-24385	2 Gerritvanaaken, Wordpress	2 Podlove Web Player, Wordpress	2026-04-16	7.5 High
Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1.
CVE-2026-24960	2 Wordpress, Zozothemes	2 Wordpress, Charety	2026-04-16	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files.This issue affects Charety: from n/a through < 2.0.2.
CVE-2026-27326	2 Axiomthemes, Wordpress	2 Ac Services \| Hvac, Air Conditioning & Heating Company Wordpress Theme, Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes AC Services \| HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services \| HVAC, Air Conditioning & Heating Company WordPress Theme: from n/a through <= 1.2.5.
CVE-2026-27338	2 Aivahthemes, Wordpress	2 Car Zone, Wordpress	2026-04-15	8.8 High
Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through <= 3.7.
CVE-2026-27339	2 Ancorathemes, Wordpress	2 Buzz Stone \| Magazine & Viral Blog Wordpress Theme, Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone \| Magazine & Viral Blog WordPress Theme buzzstone allows PHP Local File Inclusion.This issue affects Buzz Stone \| Magazine & Viral Blog WordPress Theme: from n/a through <= 1.0.2.
CVE-2026-27341	2 Mikado-themes, Wordpress	2 Topscorer - Sports Wordpress Theme, Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through <= 1.2.
CVE-2026-27342	2 Mikado-themes, Wordpress	2 Topfit - Fitness And Gym Wordpress Theme, Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through <= 1.9.
CVE-2026-27348	2 Themegoods, Wordpress	2 Photography, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography allows DOM-Based XSS.This issue affects Photography: from n/a before 7.7.6.
CVE-2026-27353	2 Themegoods, Wordpress	2 Grand News, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a through <= 3.4.3.
CVE-2026-27359	2 Fox-themes, Wordpress	2 Awa Plugins, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Awa Plugins awa-plugins allows Reflected XSS.This issue affects Awa Plugins: from n/a through <= 1.4.4.
CVE-2026-27361	2 Webcodingplace, Wordpress	2 Responsive Posts Carousel Pro, Wordpress	2026-04-15	7.5 High
Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Posts Carousel Pro: from n/a through <= 15.1.
CVE-2026-27362	2 Kamleshyadav, Wordpress	2 Wp Bakery Autoresponder Addon, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6.
CVE-2026-27367	2 Themegoods, Wordpress	2 Musico, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico allows Reflected XSS.This issue affects Musico: from n/a before 3.4.5.
CVE-2026-27374	2 Vanquish, Wordpress	2 Woocommerce Order Details, Wordpress	2026-04-15	7.5 High
Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Order Details: from n/a through <= 3.1.
CVE-2026-27376	2 Janstudio, Wordpress	2 Claue - Clean, Minimal Elementor Woocommerce Theme, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7.
CVE-2026-27379	2 Nextscripts, Wordpress	2 Nextscripts, Wordpress	2026-04-15	8.8 High
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.4.7.
CVE-2026-27382	2 Radiustheme, Wordpress	2 Metro, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13.
CVE-2026-27384	2 Boldgrid, Wordpress	2 W3 Total Cache, Wordpress	2026-04-15	9 Critical
Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.
CVE-2026-27385	2 Designthemes, Wordpress	2 Designthemes Portfolio, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affects DesignThemes Portfolio: from n/a through <= 1.3.

« first previous Page 32 of 591. next last »