Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11887 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-48275	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in dastan800 Visual Header visual-header allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Header: from n/a through <= 1.3.
CVE-2025-48269	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through <= 2.2.3.
CVE-2025-48262	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in M.Code Url Rewrite Analyzer url-rewrite-analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Url Rewrite Analyzer: from n/a through <= 1.3.3.
CVE-2025-48259	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España wp-mapa-politico-spain allows Cross Site Request Forgery.This issue affects WP Mapa Politico España: from n/a through <= 3.8.0.
CVE-2025-48258	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jetmonsters Mega Menu Block getwid-megamenu allows Stored XSS.This issue affects Mega Menu Block: from n/a through <= 1.0.6.
CVE-2025-48257	2 Projectopia, Wordpress	2 Projectopia, Wordpress	2026-04-23	6.5 Medium
Missing Authorization vulnerability in Projectopia Projectopia projectopia-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Projectopia: from n/a through <= 5.1.17.
CVE-2025-48231	2 Codepeople, Wordpress	2 Booking Calendar Contact Form, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Booking Calendar Contact Form booking-calendar-contact-form allows Stored XSS.This issue affects Booking Calendar Contact Form: from n/a through <= 1.2.58.
CVE-2025-48171	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a through <= 2.11.26.
CVE-2025-48169	2 Jordy Meow, Wordpress	2 Code Engine, Wordpress	2026-04-23	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through <= 0.3.3.
CVE-2025-48168	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Apollo - Sticky Full Width HTML5 Audio Player lbg-audio5-html5-shoutcast-sticky allows Reflected XSS.This issue affects Apollo - Sticky Full Width HTML5 Audio Player: from n/a through <= 3.4.
CVE-2025-48167	1 Wordpress	1 Wordpress	2026-04-23	5.4 Medium
Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chatbox Manager: from n/a through <= 1.2.5.
CVE-2025-48166	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in sminozzi Stop and Block bots plugin Anti bots antibots allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Stop and Block bots plugin Anti bots: from n/a through <= 1.48.
CVE-2025-48165	2 Delucks, Wordpress	2 Delucks Seo, Wordpress	2026-04-23	8.8 High
Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation.This issue affects DELUCKS SEO: from n/a through <= 2.6.0.
CVE-2025-48164	1 Wordpress	1 Wordpress	2026-04-23	8.8 High
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation.This issue affects SureDash: from n/a through <= 1.0.3.
CVE-2025-48161	2 Wordpress, Yaycommerce	2 Wordpress, Yaysmtp	2026-04-23	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YaySMTP smtp-sendinblue allows SQL Injection.This issue affects YaySMTP: from n/a through <= 1.3.
CVE-2025-48160	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue affects Caliris: from n/a through <= 1.5.
CVE-2025-48159	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Youtube Vimeo Video Player and Slider WP Plugin video-player-youtube-vimeo allows Reflected XSS.This issue affects Youtube Vimeo Video Player and Slider WP Plugin: from n/a through <= 3.8.
CVE-2025-48158	2 Buddypress, Wordpress	2 Buddypress, Wordpress	2026-04-23	8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field buddypress-xprofile-image-field allows Path Traversal.This issue affects BuddyPress XProfile Custom Image Field: from n/a through <= 3.0.1.
CVE-2025-48157	2 Giorgi, Wordpress	2 Formality, Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1.5.9.
CVE-2025-48156	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall image-wall allows Stored XSS.This issue affects Image Wall: from n/a through <= 3.1.

« first previous Page 152 of 595. next last »