Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9682 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54691	2 Stylemix, Wordpress	2 Motors, Wordpress	2025-08-16	5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80.
CVE-2025-54699	2 Masteriyo, Wordpress	2 Masteriyo, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3.
CVE-2025-52775	2 Ronik Unlimitedwp, Wordpress	2 Project Cost Calculator, Wordpress	2025-08-16	7.1 High
Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through 1.0.0.
CVE-2025-49038	2 Soflyy, Wordpress	2 Wp Dynamic Links, Wordpress	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a through 1.0.1.
CVE-2025-49267	2 Dynamiapps, Wordpress	2 Frontend Admin, Wordpress	2025-08-16	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.3.
CVE-2025-47610	3 Wetail, Woocommerce, Wordpress	3 Woocommerce Fortnox Integration, Woocommerce, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.6.
CVE-2025-28999	3 Woocommerce, Wordpress, Zoomit	3 Woocommerce, Wordpress, Woocommerce Shop Page Builder	2025-08-16	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
CVE-2025-54697	2 Kadencewp, Wordpress	2 Kadence Woocommerce Email Designer, Wordpress	2025-08-16	7.2 High
Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.16.
CVE-2025-54696	2 Getwpfunnels, Wordpress	2 Wpfunnels, Wordpress	2025-08-16	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26.
CVE-2025-54684	2 Crmperks, Wordpress	2 Integration For Contact Form 7 And Constant Contact, Wordpress	2025-08-16	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored XSS. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.7.
CVE-2025-30998	2 Rico Macchi, Wordpress	2 Wp Links Page, Wordpress	2025-08-16	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links Page: from n/a through 4.9.6.
CVE-2025-54702	2 Motovnet, Wordpress	2 Ebook Store, Wordpress	2025-08-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through 5.8013.
CVE-2025-54674	3 Product Configurator For Woocommerce Project, Woocommerce, Wordpress	3 Product Configurator For Woocommerce, Woocommerce, Wordpress	2025-08-16	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4.
CVE-2025-54675	2 Wordpress, Yithemes	2 Wordpress, Yith Woocommerce Compare	2025-08-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1.48.0.
CVE-2025-30993	3 Villatheme, Woocommerce, Wordpress	4 Thank You Page Customizer For Woocommerce, Woocommerce Thank You Page Customizer, Woocommerce and 1 more	2025-08-16	6.5 Medium
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer for WooCommerce – Increase Your Sales: from n/a through 1.1.7.
CVE-2025-54703	2 Prince, Wordpress	2 Integrate Google Drive, Wordpress	2025-08-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through 1.5.2.
CVE-2025-6790	2 Quizandsurveymaster, Wordpress	2 Quiz And Survey Master, Wordpress	2025-08-16	4.3 Medium
The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
CVE-2025-54672	2 Jordy Meow, Wordpress	2 Photo Engine, Wordpress	2025-08-16	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3.
CVE-2025-54667	2 Mycred, Wordpress	2 Mycred, Wordpress	2025-08-16	5.3 Medium
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through 2.9.4.3.
CVE-2025-52820	3 Infosoftplugin, Woocommerce, Wordpress	3 Woocommerce Point Of Sale, Woocommerce, Wordpress	2025-08-16	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This issue affects WooCommerce Point Of Sale (POS): from n/a through 1.4.

« first previous Page 245 of 485. next last »