Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 334771 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 10314 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (10314 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-25318	2 Wisernotify Team, Wordpress	2 Wiserreview Product Reviews For Woocommerce, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.
CVE-2026-25319	2 Wordpress, Wpzita	2 Wordpress, Zita Elementor Site Library	2026-02-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a through <= 1.6.6.
CVE-2026-25320	2 Cool Plugins, Wordpress	2 Elementor Contact Form Db, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Contact Form DB: from n/a through <= 2.1.3.
CVE-2026-25321	2 Psm Plugins, Wordpress	2 Supportcandy, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
CVE-2026-25323	2 Mika, Wordpress	2 Osm, Wordpress	2026-02-20	N/A
Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through <= 6.1.12.
CVE-2026-25325	2 Rtcamp, Wordpress	2 Rtmedia For Wordpress, Buddypress And Bbpress, Wordpress	2026-02-20	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through <= 4.7.8.
CVE-2026-25329	2 Expresstech, Wordpress	2 Quiz And Survey Master, Wordpress	2026-02-20	N/A
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.4.
CVE-2026-25331	2 Melapress, Wordpress	2 Wp Activity Log, Wordpress	2026-02-20	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through <= 5.5.4.
CVE-2026-25332	2 Fahad Mahmood, Wordpress	2 Endless Posts Navigation, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endless Posts Navigation: from n/a through <= 2.2.9.
CVE-2026-25333	2 Peregrinethemes, Wordpress	2 Shopwell, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11.
CVE-2026-25335	2 Ays-pro, Wordpress	2 Secure Copy Content Protection And Content Locking, Wordpress	2026-02-20	4.3 Medium
Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 5.0.0.
CVE-2026-25336	2 Wordpress, Wpcoachify	2 Wordpress, Coachify	2026-02-20	5.3 Medium
Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through <= 1.1.5.
CVE-2026-25337	2 Wordpress, Wpcoachify	2 Wordpress, Coachify	2026-02-20	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.
CVE-2026-25338	2 Ays Pro, Wordpress	2 Ai Chatbot With Chatgpt And Content Generator By Ays, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through <= 2.7.4.
CVE-2026-25348	2 Alttextai, Wordpress	2 Download Alt Text Ai, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in alttextai Download Alt Text AI alttext-ai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Alt Text AI: from n/a through <= 1.10.15.
CVE-2026-25363	2 Fooplugins, Wordpress	2 Foogallery, Wordpress	2026-02-20	N/A
Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through <= 3.1.11.
CVE-2026-25367	2 Nootheme, Wordpress	2 Citilights, Wordpress	2026-02-20	5.3 Medium
Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through < 3.7.2.
CVE-2026-25368	2 Codepeople, Wordpress	2 Calculated Fields Form, Wordpress	2026-02-20	6.5 Medium
Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fields Form: from n/a through <= 5.4.4.1.
CVE-2026-25370	2 Aresit, Wordpress	2 Wp Compress, Wordpress	2026-02-20	N/A
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28.
CVE-2026-25372	2 Kodezen, Wordpress	2 Academy Lms, Wordpress	2026-02-20	6.5 Medium
Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3.

« first previous Page 16 of 516. next last »