Wordpress CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (11803 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-33695	1 Wordpress	1 Wordpress	2025-07-12	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode Fan Page Widget by ThemeNcode allows Stored XSS.This issue affects Fan Page Widget by ThemeNcode: from n/a through 2.0.
CVE-2024-30453	2 Brave, Wordpress	2 Brave Popup Builder, Wordpress	2025-07-12	5.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5.
CVE-2024-38705	2 Elementinvader, Wordpress	2 Elementinvader Addons For Elementor, Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4.
CVE-2024-54285	1 Wordpress	1 Wordpress	2025-07-12	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10.
CVE-2024-43348	2 Iznyn, Wordpress	2 Purity Of Soul, Wordpress	2025-07-12	7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9.
CVE-2024-43262	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8.
CVE-2024-34380	2 Quantumcloud, Wordpress	2 Conversational Forms For Chatbot, Wordpress	2025-07-12	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0.
CVE-2024-34548	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8.
CVE-2025-31593	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OpenMenu OpenMenu allows Stored XSS. This issue affects OpenMenu: from n/a through 3.5.
CVE-2024-37950	1 Wordpress	1 Wordpress	2025-07-12	5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3.
CVE-2023-49741	2 Wordpress, Wpdevart	2 Wordpress, Coming Soon And Maintenance Mode	2025-07-12	3.7 Low
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3.
CVE-2023-29237	1 Wordpress	1 Wordpress	2025-07-12	6.3 Medium
Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Remove Duplicate Posts: from n/a through 1.3.5.
CVE-2024-32530	2 Presstigers, Wordpress	2 Simple Testimonials Showcase, Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PressTigers Simple Testimonials Showcase allows Stored XSS.This issue affects Simple Testimonials Showcase: from n/a through 1.1.5.
CVE-2024-43133	2 Themify, Wordpress	2 Themify Shortcodes, Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1.
CVE-2024-35174	2 Flothemes, Wordpress	2 Flo Forms, Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.
CVE-2024-32554	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Knight Lab Knight Lab Timeline allows Stored XSS.This issue affects Knight Lab Timeline: from n/a through 3.9.3.4.
CVE-2025-31068	1 Wordpress	1 Wordpress	2025-07-12	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.
CVE-2023-7251	1 Wordpress	1 Wordpress	2025-07-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901.
CVE-2024-25915	1 Wordpress	1 Wordpress	2025-07-12	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.
CVE-2025-48337	1 Wordpress	1 Wordpress	2025-07-12	5.3 Medium
Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.

« first previous Page 555 of 591. next last »