Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9048 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62146	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maksym Marko MX Time Zone Clocks allows Stored XSS.This issue affects MX Time Zone Clocks: from n/a through 5.1.1.
CVE-2025-49358	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ruhul Amin Content Fetcher allows DOM-Based XSS.This issue affects Content Fetcher: from n/a through 1.1.
CVE-2025-63022	2 Illia, Wordpress	2 Simple Like Page, Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Illia Simple Like Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through 1.5.3.
CVE-2025-62143	1 Wordpress	1 Wordpress	2026-01-05	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163.
CVE-2025-62150	1 Wordpress	1 Wordpress	2026-01-05	4.3 Medium
Missing Authorization vulnerability in Themesawesome History Timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through 1.0.6.
CVE-2025-63020	2 Wayne Allen, Wordpress	2 Postie, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through 1.9.73.
CVE-2025-62142	2 Cincopa, Wordpress	2 Video And Media Plug-in, Wordpress	2026-01-05	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicashmu Cincopa video and media plugin allows Stored XSS.This issue affects Cincopa video and media plug-in: from n/a through 1.163.
CVE-2025-63032	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Consulting allows Stored XSS.This issue affects Consulting: from n/a through 1.5.0.
CVE-2025-62114	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcelo Torres Download Media Library allows Retrieve Embedded Sensitive Data.This issue affects Download Media Library: from n/a through 0.2.1.
CVE-2025-62096	2 Wordpress, Wpfactory	2 Wordpress, Maximum Products Per User For Woocommerce	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Maximum Products per User for WooCommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through 4.4.2.
CVE-2025-62141	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in 101gen Wawp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through 4.0.5.
CVE-2025-62742	2 Curator, Wordpress	2 Curator.io, Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Curator.Io allows Stored XSS.This issue affects Curator.Io: from n/a through 1.9.5.
CVE-2025-62092	2 Wiremo, Wordpress	2 Wiremo, Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in Wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through 1.4.99.
CVE-2025-63031	1 Wordpress	1 Wordpress	2026-01-05	5.3 Medium
Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1.
CVE-2025-62111	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webvitaly Extra Shortcodes allows Stored XSS.This issue affects Extra Shortcodes: from n/a through 2.2.
CVE-2025-62118	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kcseopro AdWords Conversion Tracking Code allows Stored XSS.This issue affects AdWords Conversion Tracking Code: from n/a through 1.0.
CVE-2025-62743	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.5.5.
CVE-2025-62757	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design \| Oliver Juhas WebMan Amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through 1.5.12.
CVE-2025-62755	2 Gsplugins, Wordpress	2 Gs Portfolio For Envato, Wordpress	2026-01-05	5.3 Medium
Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.
CVE-2025-62095	1 Wordpress	1 Wordpress	2026-01-05	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neilgee Bootstrap Modals allows Stored XSS.This issue affects Bootstrap Modals: from n/a through 1.3.2.

« first previous Page 33 of 453. next last »