Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12300 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-39485	2 Embedplus, Wordpress	2 Youtube Embed Plus, Wordpress	2026-04-24	4.3 Medium
Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through <= 14.2.4.
CVE-2026-34890	2 Mark O’donnell, Wordpress	2 Mstw League Manager, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: from n/a through 2.10.
CVE-2026-34896	2 Analytify, Wordpress	2 Under Construction, Coming Soon & Maintenance Mode, Wordpress	2026-04-24	7.5 High
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows Cross Site Request Forgery.This issue affects Under Construction, Coming Soon & Maintenance Mode: from n/a through 2.1.1.
CVE-2026-34899	2 Eniture Technology, Wordpress	2 Ltl Freight Quotes – Worldwide Express Edition, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1.
CVE-2026-34904	2 Analytify, Wordpress	2 Simple Social Media Share Buttons, Wordpress	2026-04-24	7.5 High
Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0.
CVE-2026-39495	2 Nsquared, Wordpress	2 Simply Schedule Appointments, Wordpress	2026-04-24	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.27.
CVE-2026-39509	2 Wordpress, Wpwax	2 Wordpress, Directorist	2026-04-24	5.3 Medium
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.
CVE-2026-39483	2 Hidekazu Ishikawa, Wordpress	2 Vk All In One Expansion Unit, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.This issue affects VK All in One Expansion Unit: from n/a through <= 9.113.3.
CVE-2026-39476	2 Syed Balkhi, Wordpress	2 User Feedback, Wordpress	2026-04-24	4.3 Medium
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through <= 1.10.1.
CVE-2026-34903	2 Oceanwp, Wordpress	2 Ocean Extra, Wordpress	2026-04-24	5.4 Medium
Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3.
CVE-2026-39536	2 Wordpress, Wpchill	2 Wordpress, Rsvp And Event Management	2026-04-24	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and Event Management: from n/a through <= 2.7.16.
CVE-2026-39528	2 Wordpress, Wpdelicious	2 Wordpress, Wp Delicious	2026-04-24	5.3 Medium
Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.5.
CVE-2026-39538	2 Mikado-themes, Wordpress	2 Mikado Core, Wordpress	2026-04-24	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issue affects Mikado Core: from n/a through <= 1.6.
CVE-2026-39541	2 Themefic, Wordpress	2 Hydra Booking, Wordpress	2026-04-24	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through <= 1.1.38.
CVE-2026-39542	2 Doofinder, Wordpress	2 Doofinder For Woocommerce, Wordpress	2026-04-24	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13.
CVE-2026-39562	2 Boldgrid, Wordpress	2 Client Invoicing By Sprout Invoices, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.10.
CVE-2026-39564	2 Sunshinephotocart, Wordpress	2 Sunshine Photo Cart, Wordpress	2026-04-24	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2.
CVE-2026-39570	2 Aa Web Servant, Wordpress	2 12 Step Meeting List, Wordpress	2026-04-24	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.
CVE-2026-39575	2 Ronald Huereca, Wordpress	2 Custom Query Blocks, Wordpress	2026-04-24	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affects Custom Query Blocks: from n/a through <= 5.5.0.
CVE-2026-39586	2 Ateeq Rafeeq, Wordpress	2 Repairbuddy, Wordpress	2026-04-24	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through <= 4.1132.

« first previous Page 109 of 615. next last »