Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 324797 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8387 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-27387	2 Designinvento, Wordpress	2 Directorypress, Wordpress	2026-02-20	5.4 Medium
Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
CVE-2026-27360	2 10web, Wordpress	2 Photo Gallery, Wordpress	2026-02-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.
CVE-2026-27058	2 Pencidesign, Wordpress	2 Penci Podcast, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through <= 1.7.
CVE-2026-27055	2 Pencidesign, Wordpress	2 Penci Ai Smartcontent Creator, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in PenciDesign Penci AI SmartContent Creator penci-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Penci AI SmartContent Creator: from n/a through <= 2.0.
CVE-2026-25453	2 Mdempfle, Wordpress	2 Advanced Iframe, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: from n/a through <= 2025.10.
CVE-2026-25005	2 N-media, Wordpress	2 Frontend File Manager, Wordpress	2026-02-20	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Frontend File Manager: from n/a through <= 23.5.
CVE-2026-23547	2 Cmsmasters, Wordpress	2 Cmsmasters Content Composer, Wordpress	2026-02-20	7.1 High
Missing Authorization vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CMSMasters Content Composer: from n/a through <= 2.5.8.
CVE-2026-22422	2 Wordpress, Wpeverest	2 Wordpress, Everest Forms	2026-02-20	5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection.This issue affects Everest Forms: from n/a through <= 3.4.1.
CVE-2026-27440	2 Saadiqbal, Wordpress	2 Mycred, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS.This issue affects myCred: from n/a through <= 2.9.7.6.
CVE-2026-27343	2 Vankarwai, Wordpress	2 Airtifact, Wordpress	2026-02-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.
CVE-2026-25362	2 Fooplugins, Wordpress	2 Foogallery, Wordpress	2026-02-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FooPlugins FooGallery foogallery allows Stored XSS.This issue affects FooGallery: from n/a through <= 3.1.11.
CVE-2026-25343	2 Veronalabs, Wordpress	2 Wp Sms, Wordpress	2026-02-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.
CVE-2026-25330	2 Publishpress, Wordpress	2 Publishpress Authors, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress Authors: from n/a through <= 4.10.1.
CVE-2026-25326	2 Cmsmasters, Wordpress	2 Cmsmasters Content Composer, Wordpress	2026-02-20	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through <= 1.4.5.
CVE-2026-25324	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2026-02-20	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
CVE-2026-25322	2 Publishpress, Wordpress	2 Publishpress Revisions, Wordpress	2026-02-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7.22.
CVE-2026-25315	2 Hcaptcha, Wordpress	2 Hcaptcha For Wp, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.
CVE-2026-25313	2 Shahjahan Jewel, Wordpress	2 Fluentform, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= 6.1.14.
CVE-2026-25307	2 8theme, Wordpress	2 Xstore Core, Wordpress	2026-02-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through < 5.7.
CVE-2026-25008	2 Shahjahan Jewel, Wordpress	2 Ninja Tables, Wordpress	2026-02-20	4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.

« first previous Page 16 of 420. next last »