Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 10800 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-22438	2 Foreverpinetree, Wordpress	2 Thebi, Wordpress	2026-03-09	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheBi thebi allows Reflected XSS.This issue affects TheBi: from n/a through <= 1.0.5.
CVE-2026-22436	2 Elated-themes, Wordpress	2 Helvig, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion.This issue affects Helvig: from n/a through <= 1.0.
CVE-2026-22434	2 Ancorathemes, Wordpress	2 Crown Art, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Crown Art crown-art allows PHP Local File Inclusion.This issue affects Crown Art: from n/a through <= 1.2.11.
CVE-2026-22432	2 Ancorathemes, Wordpress	2 Woopy, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion.This issue affects Woopy: from n/a through <= 1.2.
CVE-2026-22429	2 Mikado-themes, Wordpress	2 Verdure, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Verdure verdure allows PHP Local File Inclusion.This issue affects Verdure: from n/a through <= 1.6.
CVE-2026-22427	2 Mikado-themes, Wordpress	2 Gotravel, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes GoTravel gotravel allows PHP Local File Inclusion.This issue affects GoTravel: from n/a through <= 2.1.
CVE-2026-22424	2 Ancorathemes, Wordpress	2 Shaha, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Shaha shaha allows PHP Local File Inclusion.This issue affects Shaha: from n/a through <= 1.1.2.
CVE-2026-22421	2 Ancorathemes, Wordpress	2 Quantum, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Quantum quantum allows PHP Local File Inclusion.This issue affects Quantum: from n/a through <= 1.0.
CVE-2026-22419	2 Ancorathemes, Wordpress	2 Honor, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Honor honor allows PHP Local File Inclusion.This issue affects Honor: from n/a through <= 2.3.
CVE-2026-22417	2 Themegoods, Wordpress	2 Grand Wedding, Wordpress	2026-03-09	8.1 High
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through <= 3.1.0.
CVE-2026-22415	2 Ancorathemes, Wordpress	2 The Mounty, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes The Mounty the-mounty allows PHP Local File Inclusion.This issue affects The Mounty: from n/a through <= 1.1.
CVE-2026-27411	2 Jp-secure, Wordpress	2 Siteguard Wp Plugin, Wordpress	2026-03-09	5.3 Medium
Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9.
CVE-2026-27396	2 E-plugins, Wordpress	2 Directory Pro, Wordpress	2026-03-09	7.3 High
Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.
CVE-2026-27389	2 Designthemes, Wordpress	2 Wedesigntech Ultimate Booking Addon, Wordpress	2026-03-09	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1.
CVE-2026-27386	2 Designthemes, Wordpress	2 Designthemes Directory Addon, Wordpress	2026-03-09	7.5 High
Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through <= 1.8.
CVE-2026-27384	2 Boldgrid, Wordpress	2 W3 Total Cache, Wordpress	2026-03-09	9 Critical
Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.
CVE-2026-27382	2 Radiustheme, Wordpress	2 Metro, Wordpress	2026-03-09	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13.
CVE-2026-27379	2 Nextscripts, Wordpress	2 Nextscripts, Wordpress	2026-03-09	8.8 High
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.4.7.
CVE-2026-27332	2 Skygroup, Wordpress	2 Agrofood, Wordpress	2026-03-09	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS.This issue affects Agrofood: from n/a through <= 1.3.0.
CVE-2026-22477	2 Ancorathemes, Wordpress	2 Felizia, Wordpress	2026-03-09	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affects Felizia: from n/a through <= 1.3.4.

« first previous Page 7 of 540. next last »