Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11417 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-48153	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images import-cdn-remote-images allows Stored XSS.This issue affects Import CDN-Remote Images: from n/a through <= 2.1.2.
CVE-2025-48152	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dimafreund Rentsyst rentsyst allows Reflected XSS.This issue affects Rentsyst: from n/a through <= 2.0.100.
CVE-2025-48151	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations cm-map-locations allows Reflected XSS.This issue affects CM Map Locations: from n/a through <= 2.1.6.
CVE-2025-48150	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in sminozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin real-estate-right-now allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through <= 4.48.
CVE-2025-48149	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through <= 1.2.3.
CVE-2025-48148	2 Woocommerce, Wordpress	3 Storekeeper, Woocommerce, Wordpress	2026-04-01	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.
CVE-2025-48142	1 Wordpress	1 Wordpress	2026-04-01	N/A
Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation.This issue affects Bookify: from n/a through <= 1.0.9.
CVE-2025-48140	2 Metalpriceapi, Wordpress	2 Metalpriceapi, Wordpress	2026-04-01	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection.This issue affects MetalpriceAPI: from n/a through <= 1.1.4.
CVE-2025-48123	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-01	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code Injection.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37.
CVE-2025-48121	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Puddick WP Notes Widget wp-notes-widget allows DOM-Based XSS.This issue affects WP Notes Widget: from n/a through <= 1.0.6.
CVE-2025-48116	1 Wordpress	1 Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through <= 2.4.4.
CVE-2025-48115	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify validar-certificados-de-cursos allows Cross Site Request Forgery.This issue affects ValidateCertify: from n/a through <= 1.6.4.
CVE-2025-48114	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger shayanweb-admin-fontchanger allows Stored XSS.This issue affects ShayanWeb Admin FontChanger: from n/a through <= 1.9.1.
CVE-2025-48109	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup xm-backup allows Stored XSS.This issue affects XM-Backup: from n/a through <= 0.9.1.
CVE-2025-48107	2 Undsgn, Wordpress	2 Uncode, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in undsgn Uncode uncode allows Reflected XSS.This issue affects Uncode: from n/a through < 2.9.4.4.
CVE-2025-48105	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Boiardt Easy Flash Embed easy-flash-embed allows Stored XSS.This issue affects Easy Flash Embed: from n/a through <= 1.0.
CVE-2025-48104	1 Wordpress	1 Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player floating-window-music-player allows Stored XSS.This issue affects Floating Window Music Player: from n/a through <= 3.4.2.
CVE-2025-48103	1 Wordpress	1 Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mulscully Today's Date Inserter todays-date-inserter allows Stored XSS.This issue affects Today's Date Inserter: from n/a through <= 1.2.1.
CVE-2025-48088	2 Brainstormforce, Wordpress	2 Ultimate Addons For Wpbakery Page Builder, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm_Force Ultimate Addons for WPBakery Page Builder ultimate_vc_addons allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through < 3.21.1.
CVE-2025-47696	2 Solwin, Wordpress	2 Blog Designer Pro, Wordpress	2026-04-01	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through <= 3.4.7.

« first previous Page 68 of 571. next last »