Wordpress CVEs and Security Vulnerabilities

Export limit exceeded: 359582 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (12936 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69183	2 E-plugins, Wordpress	2 Hospital & Doctor Directory, Wordpress	2026-04-15	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-69186	2 E-plugins, Wordpress	2 Hospital & Doctor Directory, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-69187	2 E-plugins, Wordpress	2 Final User, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.
CVE-2025-69188	2 E-plugins, Wordpress	2 Fitness Trainer, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.
CVE-2025-69190	1 Wordpress	1 Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.
CVE-2025-69193	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2026-04-15	7.3 High
Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-69292	2 E-plugins, Wordpress	2 Wp Membership, Wordpress	2026-04-15	8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-69295	2 Teconcetheme, Wordpress	2 Coven Core, Wordpress	2026-04-15	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection.This issue affects Coven Core: from n/a through <= 1.3.
CVE-2025-69296	2 Ghostpool, Wordpress	2 Aardvark, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through <= 4.6.3.
CVE-2025-69297	2 Ghostpool, Wordpress	2 Aardvark Plugin, Wordpress	2026-04-15	7.5 High
Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19.
CVE-2025-69299	2 Laborator, Wordpress	2 Oxygen, Wordpress	2026-04-15	7.2 High
Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8.
CVE-2025-69301	2 Themegoods, Wordpress	2 Photome, Wordpress	2026-04-15	9.8 Critical
Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection.This issue affects PhotoMe: from n/a through <= 5.6.11.
CVE-2025-69302	2 Designthemes, Wordpress	2 Designthemes Core Features, Wordpress	2026-04-15	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core Features designthemes-core-features allows Reflected XSS.This issue affects DesignThemes Core Features: from n/a through <= 2.3.
CVE-2025-69304	2 Teconcetheme, Wordpress	2 Allmart, Wordpress	2026-04-15	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection.This issue affects Allmart: from n/a through <= 1.1.
CVE-2025-69307	2 Teconcetheme, Wordpress	2 Medinik Core, Wordpress	2026-04-15	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through <= 1.3.6.
CVE-2025-69308	2 Teconcetheme, Wordpress	2 Nestbyte Core, Wordpress	2026-04-15	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection.This issue affects Nestbyte Core: from n/a through <= 1.2.
CVE-2025-69309	2 Teconcetheme, Wordpress	2 Saasplate Core, Wordpress	2026-04-15	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Saasplate Core saasplate-core allows Blind SQL Injection.This issue affects Saasplate Core: from n/a through <= 1.2.8.
CVE-2025-69313	2 Wordpress, Wpxpo	2 Wordpress, Postx	2026-04-15	7.5 High
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.
CVE-2025-69314	1 Wordpress	1 Wordpress	2026-04-15	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through < 4.8.3.
CVE-2025-69315	2 Nsquared, Wordpress	2 Simply Schedule Appointments, Wordpress	2026-04-15	6.5 Medium
Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15.

« first previous Page 600 of 647. next last »