Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9558 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-9115	2 Etsy Shop Project, Wordpress	2 Etsy Shop, Wordpress	2025-09-23	5.6 Medium
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
CVE-2025-58271	1 Wordpress	1 Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from n/a through 1.3.3.
CVE-2025-58688	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support allows Stored XSS. This issue affects Casengo Live Chat Support: from n/a through 2.1.4.
CVE-2025-58646	1 Wordpress	1 Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chtombleson Mobi2Go allows Stored XSS. This issue affects Mobi2Go: from n/a through 1.0.0.
CVE-2025-58680	2 Gutentor, Wordpress	2 Gutentor, Wordpress	2025-09-23	6.5 Medium
Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.2.
CVE-2025-58684	2 Themepoints, Wordpress	2 Logo Showcase, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Logo Showcase allows Stored XSS. This issue affects Logo Showcase: from n/a through 3.0.9.
CVE-2025-58676	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER allows Stored XSS. This issue affects HORIZONTAL SLIDER: from n/a through 2.4.
CVE-2025-58690	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7.
CVE-2025-58263	2 Buddypress, Wordpress	2 Buddypress, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget allows Stored XSS. This issue affects BuddyPress Notification Widget: from n/a through 1.3.3.
CVE-2025-58679	2 Appmysite, Wordpress	2 Appmysite, Wordpress	2025-09-23	5.3 Medium
Missing Authorization vulnerability in AppMySite AppMySite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AppMySite: from n/a through 3.14.0.
CVE-2025-58682	2 Wordpress, Wp-kama	2 Wordpress, Kama Click Counter	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.4.
CVE-2025-58645	1 Wordpress	1 Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravitate Gravitate Automated Tester allows Stored XSS. This issue affects Gravitate Automated Tester: from n/a through 1.4.5.
CVE-2025-58689	2 Tapfiliate, Wordpress	2 Tapfiliate, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tapfiliate Tapfiliate allows Stored XSS. This issue affects Tapfiliate: from n/a through 3.2.2.
CVE-2025-58265	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps allows Stored XSS. This issue affects Events Manager – OpenStreetMaps: from n/a through 4.2.1.
CVE-2025-58687	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin allows Stored XSS. This issue affects Current Age Plugin: from n/a through 1.6.
CVE-2025-58677	1 Wordpress	1 Wordpress	2025-09-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews allows Stored XSS. This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through 2.8.5.
CVE-2025-58264	2 Artbees, Wordpress	2 Jupiter X Core, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artbees JupiterX Core allows Stored XSS. This issue affects JupiterX Core: from n/a through 4.10.1.
CVE-2025-58703	1 Wordpress	1 Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skyword Skyword API Plugin allows Stored XSS. This issue affects Skyword API Plugin: from n/a through 2.5.3.
CVE-2025-58678	2 Pickplugins, Wordpress	2 Accordion, Wordpress	2025-09-23	6.5 Medium
Missing Authorization vulnerability in PickPlugins Accordion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through 2.3.14.
CVE-2025-58681	1 Wordpress	1 Wordpress	2025-09-23	5.3 Medium
Missing Authorization vulnerability in Jürgen Müller Easy Quotes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Quotes: from n/a through 1.2.4.

« first previous Page 204 of 478. next last »