Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (13154 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-52716	2 Purethemes, Wordpress	2 Workscout Core, Wordpress	2026-06-17	6.5 Medium
Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.
CVE-2026-54818	2 Veronalabs, Wordpress	2 Slimstat Analytics, Wordpress	2026-06-17	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection. This issue affects Slimstat Analytics: from n/a through 5.4.11.
CVE-2026-54817	2 Fluxbuilder, Wordpress	2 Mstore Api, Wordpress	2026-06-17	6.5 Medium
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4.
CVE-2024-24709	2 Shareaholic, Wordpress	2 Shareaholic, Wordpress	2026-06-17	4.3 Medium
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2026-34888	2 Bricksforge, Wordpress	2 Bricksforge, Wordpress	2026-06-17	7.5 High
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
CVE-2026-24611	2 Wordpress, Wpmet	2 Wordpress, Metform Pro	2026-06-17	9.1 Critical
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-24610	2 Wordpress, Wpmet	2 Wordpress, Metform Pro	2026-06-17	4.3 Medium
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-27410	2 Veronalabs, Wordpress	2 Slimstat Analytics, Wordpress	2026-06-17	6.5 Medium
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2026-39595	2 Boldgrid, Wordpress	2 W3 Total Cache, Wordpress	2026-06-17	4.7 Medium
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
CVE-2024-32729	2 Quantumcloud, Wordpress	2 Conversational Forms For Chatbot, Wordpress	2026-06-17	7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
CVE-2026-40723	2 Bricks, Wordpress	2 Bricks Builder, Wordpress	2026-06-17	4.3 Medium
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
CVE-2026-49071	2 Opmc, Wordpress	2 Woocommerce Dropshipping, Wordpress	2026-06-17	6.5 Medium
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
CVE-2026-24575	2 Wishlist Member, Wordpress	2 Wishlist Member X, Wordpress	2026-06-17	4.3 Medium
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2026-39597	2 Wordpress, Wpzoom	2 Wordpress, Wpzoom Addons For Elementor	2026-06-17	7.1 High
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
CVE-2025-49403	2 Aa-team, Wordpress	2 Premium Age Verification Restriction For Wordpress, Wordpress	2026-06-17	7.5 High
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
CVE-2026-39546	2 Techspawn, Wordpress	2 Multiloca, Wordpress	2026-06-17	7.6 High
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
CVE-2026-54192	2 Ays-pro, Wordpress	2 Popup Box, Wordpress	2026-06-17	7.1 High
Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.
CVE-2026-54195	2 Jetmonsters, Wordpress	2 Jetformbuilder, Wordpress	2026-06-17	7.1 High
Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.
CVE-2026-54196	2 Jetmonsters, Wordpress	2 Jetformbuilder, Wordpress	2026-06-17	6.8 Medium
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
CVE-2026-54806	2 Melapress, Wordpress	2 Wp Activity Log, Wordpress	2026-06-17	9.8 Critical
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

« first previous Page 9 of 658. next last »