Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 12021 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-4214	1 Wordpress	1 Wordpress	2026-04-28	2.7 Low
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Bill Minozzi Car Dealer allows Code Injection.This issue affects Car Dealer: from n/a through 4.15.
CVE-2024-38758	1 Wordpress	1 Wordpress	2026-04-28	4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4.
CVE-2024-38715	1 Wordpress	1 Wordpress	2026-04-28	6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1.
CVE-2024-37932	2 Anhvnit, Wordpress	2 Woocommerce Openpos, Wordpress	2026-04-28	8.6 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.
CVE-2024-37938	1 Wordpress	1 Wordpress	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral.This issue affects SociallyViral: from n/a through 1.0.10.
CVE-2024-35640	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit allows Stored XSS.This issue affects Safety Exit: from n/a through 1.7.0.
CVE-2024-34806	1 Wordpress	1 Wordpress	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1.
CVE-2024-34760	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockart Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.6.
CVE-2024-34752	2 Pluginops, Wordpress	2 Landing Page Builder, Wordpress	2026-04-28	7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builder: from n/a through 1.5.1.8.
CVE-2024-34571	2 Themegrill, Wordpress	2 Himalayas, Wordpress	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.0.
CVE-2024-34565	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debug Info allows Stored XSS.This issue affects Debug Info: from n/a through 1.3.10.
CVE-2024-34574	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul Table Maker allows Stored XSS.This issue affects Table Maker: from n/a through 1.9.1.
CVE-2024-34568	2 Themeqx, Wordpress	2 Letterpress, Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS.This issue affects LetterPress: from n/a through 1.2.1.
CVE-2024-34560	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GOMO gee Search Plus allows Stored XSS.This issue affects gee Search Plus: from n/a through 1.4.4.
CVE-2024-34550	1 Wordpress	1 Wordpress	2026-04-28	5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17.
CVE-2024-34549	2 Automattic, Wordpress	2 Wp Job Manager, Wordpress	2026-04-28	5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.2.2.
CVE-2024-34548	1 Wordpress	1 Wordpress	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.4.8.
CVE-2024-34427	1 Wordpress	1 Wordpress	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8.
CVE-2024-34425	1 Wordpress	1 Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Baylog QuickieBar allows Stored XSS.This issue affects QuickieBar: from n/a through 1.8.4.
CVE-2024-34439	1 Wordpress	1 Wordpress	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in divSpot DS Site Message.This issue affects DS Site Message: from n/a through 1.14.4.

« first previous Page 42 of 602. next last »