930 Total CVEs
732 AI Analyzed
0 CISA KEV
261 Critical
All Vendors
Showing 1-930 of 930 CVEs
CVE-2026-9860
Analyzed
8.8
WordPress Offload, AI & Optimize with Cloudflare Images

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1

2026-06-18
CVE-2026-9843
Analyzed
8.1
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path...

2026-06-21
CVE-2026-9725
Analyzed
9.1
WordPress Printcart Web to Print Product Designer for WooCommerce

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to unauthenticated arbitrary file deletion via improper...

2026-07-03
CVE-2026-9711
Analyzed
9.8
WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin

The EventON WordPress plugin is vulnerable to unauthenticated SQL injection via the search parameter due to insufficient input escaping and lack of pa...

2026-07-01
CVE-2026-9662
Analyzed
8.1
WordPress Recover Exit For WooCommerce Plugin

The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1

2026-06-09
CVE-2026-9227
Analyzed
8.8
WordPress is vulnerable

The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2

2026-05-28
CVE-2026-9018
Analyzed
8.8
WordPress is vulnerable

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and inc...

2026-05-22
CVE-2026-9010
Analyzed
7.5
WordPress is vulnerable

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and inclu...

2026-05-20
CVE-2026-9009
Analyzed
8.8
WordPress is vulnerable

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2

2026-05-28
CVE-2026-8935
Analyzed
9.8
WordPress WP MAPS PRO Plugin

The WP MAPS PRO WordPress plugin allows unauthenticated attackers to create administrator accounts via an improperly secured AJAX action.

2026-06-16
CVE-2026-8912
Analyzed
7.5
WordPress is vulnerable

The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28

2026-05-20
CVE-2026-8832
Analyzed
8.8
WordPress Code Manager Plugin

The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in...

2026-05-27
CVE-2026-8809
Analyzed
9.8
WordPress Advanced Custom Fields: Extended Plugin

The Advanced Custom Fields: Extended plugin for WordPress contains a validation bypass vulnerability that allows unauthenticated attackers to create n...

2026-05-29
CVE-2026-8787
Analyzed
8.8
WordPress Support & Chat Management Plugin

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3

2026-05-27
CVE-2026-8760
Analyzed
9.8
WordPress Login with OTP

The WordPress "Login with OTP" plugin is vulnerable to authentication bypass via brute-forcing of the 6-digit OTP, which lacks expiration and rate-lim...

2026-05-27
CVE-2026-8732
Analyzed
9.8
WordPress is vulnerable

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6....

2026-05-29
CVE-2026-8719
Analyzed
8.8
WordPress plugin for

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3

2026-05-17
CVE-2026-8444
Analyzed
8.8
WordPress WP Review Slider Pro

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in...

2026-06-16
CVE-2026-8443
Analyzed
8.8
WordPress WP Review Slider Pro

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_cha...

2026-06-16
CVE-2026-8206
Analyzed
9.8
WordPress Kirki Plugin

The Kirki plugin for WordPress is vulnerable to unauthenticated privilege escalation via an account takeover flaw in the password reset process.

2026-06-02
CVE-2026-8163
Analyzed
8.8
WordPress Infility Global Plugin

The Infility Global WordPress plugin before 2

2026-06-24
CVE-2026-8157
Analyzed
8.8
WordPress Vitepos

The Vitepos WordPress plugin before 3

2026-06-23
CVE-2026-8095
Analyzed
8.1
WordPress Frontend File Manager Plugin

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23

2026-06-28
CVE-2026-8073
Analyzed
7.5
WordPress is vulnerable

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file...

2026-05-20
CVE-2026-8071
Analyzed
8.8
WordPress Anti-Spam by CleanTalk plugin

The Anti-Spam by CleanTalk

2026-06-11
CVE-2026-7862
Analyzed
8.6
WordPress plugin before

The Eupago Gateway For Woocommerce WordPress plugin before 4

2026-05-29
CVE-2026-7802
Analyzed
8.8
WordPress is vulnerable

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3

2026-05-28
CVE-2026-7761
Analyzed
8.8
WordPress Ultimate Member Plugin

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2

2026-06-24
CVE-2026-7649
7.5
WordPress is vulnerable

The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to time-based blin...

2026-05-02
CVE-2026-7641
8.8
WordPress is vulnerable

The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2

2026-05-02
CVE-2026-7567
Analyzed
9.8
WordPress is vulnerable

The Temporary Login plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any temporary user.

2026-05-02
CVE-2026-7522
Analyzed
8.8
WordPress is vulnerable

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4

2026-05-20
CVE-2026-7467
Analyzed
8.8
WordPress is vulnerable

The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3

2026-05-20
CVE-2026-7465
Analyzed
8.8
WordPress is vulnerable

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to,...

2026-05-31
CVE-2026-7458
Analyzed
9.8
WordPress is vulnerable

The User Verification plugin for WordPress is vulnerable to authentication bypass due to loose comparison of OTP codes, allowing unauthenticated login...

2026-05-02
CVE-2026-7448
7.2
WordPress is vulnerable

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_n...

2026-05-06
CVE-2026-7332
7.2
WordPress is vulnerable

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking...

2026-05-06
CVE-2026-7311
Analyzed
8.1
WordPress JPEG, PNG & WebP image compression plugin

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validatio...

2026-07-03
CVE-2026-7284
Analyzed
9.8
WordPress is vulnerable

The Easy Elements for Elementor plugin is vulnerable to privilege escalation, allowing unauthenticated users to register as administrators.

2026-05-20
CVE-2026-7252
8.1
WordPress is vulnerable

The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary fi...

2026-05-07
CVE-2026-7106
Analyzed
8.8
WordPress is vulnerable

The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1

2026-04-27
CVE-2026-6963
8.8
WordPress is vulnerable

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmg_save_provider_config AJAX a...

2026-05-02
CVE-2026-6960
Analyzed
9.8
WordPress BookingPress Pro

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads, potentially allowing unauthenticated remote code execution.

2026-05-22
CVE-2026-6933
Analyzed
8.8
WordPress Dev Tools

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2

2026-06-16
CVE-2026-6898
Analyzed
8.8
WordPress WishList Member

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember3_...

2026-05-27
CVE-2026-6897
Analyzed
8.8
WordPress WishList Member

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\F...

2026-05-27
CVE-2026-6895
Analyzed
8.8
WordPress WishList Member

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation i...

2026-05-27
CVE-2026-6858
Analyzed
7.1
WordPress Webpay WordPress Plugin

The Transbank Webpay WordPress plugin before 1

2026-06-23
CVE-2026-6741
8.8
WordPress is vulnerable

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and i...

2026-04-28
CVE-2026-6692
8.8
WordPress is vulnerable

The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7

2026-05-07
CVE-2026-6555
Analyzed
9.8
WordPress is vulnerable

The ProSolution WP Client WordPress plugin is vulnerable to arbitrary file upload due to improper validation of the upload array, allowing remote code...

2026-05-20
CVE-2026-6518
8.8
WordPress is vulnerable

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all...

2026-04-18
CVE-2026-6512
Analyzed
9.1
WordPress is vulnerable

The InfusedWoo Pro plugin for WordPress is vulnerable to an authorization bypass that allows unauthenticated attackers to perform destructive actions...

2026-05-15
CVE-2026-6510
Analyzed
9.8
WordPress is vulnerable

The InfusedWoo Pro WordPress plugin is vulnerable to authentication bypass and privilege escalation via an insecure AJAX handler.

2026-05-14
CVE-2026-6506
8.8
WordPress is vulnerable

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5

2026-05-14
CVE-2026-6495
Analyzed
7.1
WordPress plugin before

The Ajax Load More WordPress plugin before 7

2026-05-19
CVE-2026-6456
Analyzed
8.8
WordPress is vulnerable

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1

2026-05-20
CVE-2026-6443
Analyzed
9.8
WordPress is vulnerable

The Accordion and Accordion Slider plugin for WordPress version 1.4.6 contains a malicious backdoor injected by threat actors.

2026-04-17
CVE-2026-6419
Analyzed
8.8
WordPress WishList Member

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3

2026-05-27
CVE-2026-6403
Analyzed
7.5
WordPress is vulnerable

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1

2026-05-17
CVE-2026-6382
Analyzed
9.1
WordPress FileOrganizer, Advanced File Manager, File Manager Pro, File Manager

Several WordPress file management plugins are vulnerable to OS Command Injection when processing images, allowing authenticated users with administrat...

2026-07-07
CVE-2026-6381
Analyzed
7.5
WordPress plugin before

The WP Maps WordPress plugin before 4

2026-05-19
CVE-2026-6379
Analyzed
8.6
WordPress plugin before

The WP Photo Album Plus WordPress plugin before 9

2026-05-19
CVE-2026-6320
7.5
WordPress is vulnerable

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10

2026-05-03
CVE-2026-6271
Analyzed
9.8
WordPress is vulnerable

The Career Section WordPress plugin is vulnerable to arbitrary file upload due to missing file type validation, enabling remote code execution.

2026-05-14
CVE-2026-6261
Analyzed
8.8
WordPress is vulnerable

The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28

2026-05-06
CVE-2026-6248
8.1
WordPress is vulnerable

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3

2026-04-21
CVE-2026-6235
Analyzed
9.8
WordPress plugin for

The Sendmachine for WordPress plugin is vulnerable to an authorization bypass, allowing unauthenticated attackers to modify SMTP configurations.

2026-04-23
CVE-2026-6228
8.8
WordPress is vulnerable

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3

2026-05-15
CVE-2026-6227
7.2
WordPress is vulnerable

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST end...

2026-04-14
CVE-2026-6226
Analyzed
8.8
WordPress is vulnerable

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3

2026-05-29
CVE-2026-6070
Analyzed
9.1
WordPress WP-BusinessDirectory

The WP-BusinessDirectory plugin for WordPress contains an unauthenticated arbitrary file deletion vulnerability due to insufficient path validation in...

2026-07-01
CVE-2026-5821
Analyzed
8.1
WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1

2026-07-03
CVE-2026-5809
7.1
WordPress is vulnerable

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3

2026-04-12
CVE-2026-57766
Analyzed
8.8
WordPress File Manager & Code Editor

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3

2026-07-03
CVE-2026-57692
Analyzed
9.8
WordPress PrivateContent

LCweb PrivateContent is vulnerable to an incorrect privilege assignment flaw, potentially allowing an attacker to escalate privileges within the appli...

2026-07-02
CVE-2026-57683
Analyzed
9.3
WordPress WP Fast Total Search

An unauthenticated SQL injection vulnerability exists in Epsiloncool WP Fast Total Search versions 1.80.280 and earlier, allowing remote attackers to...

2026-07-03
CVE-2026-57667
Analyzed
8.5
WordPress Groundhogg

Sales Representative SQL Injection in Groundhogg <= 4

2026-06-27
CVE-2026-57663
Analyzed
8.5
WordPress Recipe Maker For Your Food Blog

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8

2026-06-27
CVE-2026-57655
Analyzed
8.2
WordPress Child Theme Wizard

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1

2026-06-27
CVE-2026-57653
Analyzed
8.5
WordPress WP Job Portal

Contributor SQL Injection in WP Job Portal <= 2

2026-06-27
CVE-2026-57644
Analyzed
8.5
WordPress Restaurant Menu

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2

2026-06-27
CVE-2026-57636
Analyzed
8.5
WordPress wpForo Forum

Contributor SQL Injection in wpForo Forum <= 3

2026-06-27
CVE-2026-57628
Analyzed
7.6
WordPress WP All Import

Administrator SQL Injection in WP All Import <= 4

2026-06-28
CVE-2026-57315
Analyzed
8.5
WordPress Blocksy Companion Pro

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2

2026-06-27
CVE-2026-5722
Analyzed
9.8
WordPress is vulnerable

An authentication bypass vulnerability in MoreConvert Pro for WordPress allows unauthenticated attackers to hijack administrator accounts by manipulat...

2026-05-05
CVE-2026-5718
8.1
WordPress is vulnerable

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including...

2026-04-18
CVE-2026-5710
7.5
WordPress is vulnerable

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versi...

2026-04-18
CVE-2026-5617
8.8
WordPress is vulnerable

The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1

2026-04-16
CVE-2026-56070
Analyzed
9.3
WordPress Advance Product Search

The Advance Product Search plugin for WordPress is susceptible to an unauthenticated SQL injection vulnerability in versions 1.4.4 and earlier.

2026-06-27
CVE-2026-56068
Analyzed
9.3
WordPress JetEngine

JetEngine versions 3.8.10.2 and earlier are vulnerable to an unauthenticated SQL injection, potentially allowing remote attackers to manipulate databa...

2026-06-27
CVE-2026-56063
Analyzed
8.3
WordPress MailChimp Block

Unauthenticated Broken Access Control in MailChimp Block <= 1

2026-06-27
CVE-2026-56059
Analyzed
9.9
WordPress Travel Booking

The Travel Booking WordPress plugin contains an arbitrary file upload vulnerability exploitable by authenticated subscribers.

2026-06-27
CVE-2026-56058
Analyzed
9.9
WordPress Quform

The Quform WordPress plugin is susceptible to an arbitrary file upload vulnerability exploitable by authenticated subscribers.

2026-06-27
CVE-2026-56049
Analyzed
8.5
WordPress Post Snippets

Contributor Remote Code Execution (RCE) in Post Snippets <= 4

2026-06-26
CVE-2026-56037
Analyzed
8.8
WordPress Themify Popup

Deserialization of Untrusted Data vulnerability in Themify Themify Popup allows Object Injection

2026-07-03
CVE-2026-56036
Analyzed
9.3
WordPress 워드프레스 결제 심플페이 (WordPress Simple Pay)

An unauthenticated SQL injection vulnerability exists in the Codemstory 워드프레스 결제 심플페이 plugin, allowing remote attackers to execute arbitrary database...

2026-06-27
CVE-2026-56030
Analyzed
9.8
WordPress Paytium

A critical unauthenticated privilege escalation vulnerability in the Paytium plugin allows remote attackers to gain unauthorized administrative privil...

2026-06-27
CVE-2026-56028
Analyzed
9.8
WordPress Easy Elements for Elementor

A critical unauthenticated privilege escalation vulnerability exists in the Easy Elements for Elementor plugin, allowing attackers to elevate their ac...

2026-06-27
CVE-2026-56027
Analyzed
9.9
WordPress Booster for WooCommerce

Booster for WooCommerce contains an arbitrary file upload vulnerability allowing unauthenticated remote code execution.

2026-06-27
CVE-2026-56010
Analyzed
8.8
WordPress Abandoned Cart Pro for WooCommerce

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10

2026-06-27
CVE-2026-56008
Analyzed
8.8
WordPress Fusion Builder

Contributor Privilege Escalation in Fusion Builder <= 3

2026-06-27
CVE-2026-5524
Analyzed
9.8
WordPress Divi Form Builder

The Divi Form Builder plugin for WordPress contains an arbitrary file upload vulnerability allowing unauthenticated remote code execution via insuffic...

2026-07-03
CVE-2026-5513
Analyzed
7.2
WordPress Online Scheduling and Appointment Booking System

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-custom...

2026-06-15
CVE-2026-54849
Analyzed
9.3
WordPress Wishlist for WooCommerce

Premmerce Wishlist for WooCommerce contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries...

2026-06-26
CVE-2026-54843
Analyzed
9.3
WordPress MDTF

The MDTF plugin for WordPress contains an unauthenticated SQL injection vulnerability in versions 1.3.7 and earlier, allowing remote attackers to exec...

2026-06-26
CVE-2026-54842
Analyzed
8.1
WordPress Royal MCP

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels

2026-06-27
CVE-2026-54838
Analyzed
8.5
WordPress WC Vendors Marketplace

Subscriber SQL Injection in WC Vendors Marketplace <= 2

2026-06-26
CVE-2026-54832
Analyzed
7.5
WordPress Gutenverse Companion

Unauthenticated Broken Access Control in Gutenverse Companion <= 2

2026-06-28
CVE-2026-54831
Analyzed
9.3
WordPress GeoDirectory

GeoDirectory versions 2.8.162 and earlier are susceptible to an unauthenticated SQL injection vulnerability, enabling database manipulation by remote...

2026-06-27
CVE-2026-54827
Analyzed
9.3
WordPress Real Estate 7

Real Estate 7 contains an unauthenticated SQL injection vulnerability in versions 3.5.9 and earlier, allowing remote attackers to manipulate database...

2026-06-27
CVE-2026-54825
Analyzed
9.3
WordPress wpDataTables

The wpDataTables plugin for WordPress contains an unauthenticated SQL injection vulnerability that enables remote attackers to manipulate database que...

2026-06-27
CVE-2026-54824
Analyzed
7.5
WordPress Ads by WPQuads

Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3

2026-06-28
CVE-2026-54820
Analyzed
9.3
WordPress JetBooking

An unauthenticated SQL injection vulnerability in the JetBooking plugin for WordPress allows remote attackers to execute arbitrary SQL queries and acc...

2026-06-27
CVE-2026-5478
8.1
WordPress is vulnerable

The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3

2026-04-21
CVE-2026-5465
8.8
WordPress is vulnerable

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to...

2026-04-07
CVE-2026-5436
8.1
WordPress is vulnerable

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5

2026-04-09
CVE-2026-5425
Analyzed
7.2
WordPress is vulnerable

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data' parameter keys in all versions...

2026-04-05
CVE-2026-5396
8.2
WordPress is vulnerable

The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6

2026-05-14
CVE-2026-5395
8.2
WordPress is vulnerable

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Objec...

2026-05-14
CVE-2026-5364
8.1
WordPress is vulnerable

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1

2026-04-24
CVE-2026-5324
7.2
WordPress is vulnerable

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2

2026-05-04
CVE-2026-5305
Analyzed
8.8
WordPress Email Address Encoder

The Email Address Encoder WordPress plugin before 1

2026-06-26
CVE-2026-5294
Analyzed
9.8
WordPress is vulnerable

The Geeky Bot plugin for WordPress contains a missing authorization vulnerability that allows unauthenticated attackers to achieve remote code executi...

2026-05-05
CVE-2026-52703
Analyzed
9.6
WordPress FastDup

An unauthenticated path traversal vulnerability exists in the FastDup plugin for WordPress, allowing attackers to access sensitive files.

2026-06-16
CVE-2026-5231
7.2
WordPress is vulnerable

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and includin...

2026-04-18
CVE-2026-5229
Analyzed
9.8
WordPress is vulnerable

The Form Notify plugin for WordPress suffers from an authentication bypass vulnerability due to improper verification of user-controlled cookie data d...

2026-05-15
CVE-2026-5217
7.2
WordPress is vulnerable

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Sc...

2026-04-12
CVE-2026-5200
Analyzed
8.8
WordPress plugin for

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authoriza...

2026-05-20
CVE-2026-5192
7.5
WordPress is vulnerable

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions up to, and in...

2026-05-05
CVE-2026-5144
8.8
WordPress is vulnerable

The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1

2026-04-11
CVE-2026-5130
8.8
WordPress was vulnerable

The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1

2026-03-31
CVE-2026-5127
8.8
WordPress is vulnerable

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserial...

2026-05-08
CVE-2026-5118
Analyzed
9.8
WordPress Divi Form Builder

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated users to register as administrators.

2026-05-22
CVE-2026-5113
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2

2026-05-02
CVE-2026-5112
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2

2026-05-02
CVE-2026-5111
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2

2026-05-02
CVE-2026-5110
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2

2026-05-02
CVE-2026-5109
7.2
WordPress is vulnerable

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2

2026-05-02
CVE-2026-5100
Analyzed
7.5
WordPress is vulnerable

The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and including, 4

2026-05-05
CVE-2026-5076
Analyzed
9.8
WordPress ARMember Premium Plugin

The ARMember Premium plugin for WordPress stores plaintext password reset keys, allowing unauthenticated attackers to reset user passwords and hijack...

2026-06-03
CVE-2026-5063
7.2
WordPress plugin for

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in...

2026-05-04
CVE-2026-5032
7.5
WordPress is vulnerable

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2

2026-04-03
CVE-2026-4987
7.5
WordPress is vulnerable

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up...

2026-03-29
CVE-2026-49780
Analyzed
8.8
WordPress Dokan Plugin

Customer Privilege Escalation in Dokan <= 5

2026-06-16
CVE-2026-49777
Analyzed
10
WordPress Product Slider Pro for WooCommerce

An improper validation vulnerability in ShapedPlugin Product Slider Pro for WooCommerce allows unauthenticated attackers to perform malicious software...

2026-06-06
CVE-2026-49766
Analyzed
9.9
WordPress WP User Manager

An arbitrary file deletion vulnerability in the WP User Manager plugin for WordPress allows authenticated users to delete sensitive system files.

2026-06-16
CVE-2026-49764
Analyzed
9.8
WordPress RegistrationMagic

A broken authentication vulnerability in the RegistrationMagic plugin for WordPress allows unauthenticated attackers to bypass security controls.

2026-06-16
CVE-2026-4935
8.6
WordPress plugin before

The OttoKit: All-in-One Automation Platform WordPress plugin before 1

2026-05-09
CVE-2026-49111
Analyzed
8.8
WordPress Masteriyo - LMS

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation

2026-06-16
CVE-2026-48970
Analyzed
8.1
WordPress Really Simple SSL

Unauthenticated Broken Authentication in Really Simple SSL <= 9

2026-06-16
CVE-2026-48967
Analyzed
8.5
WordPress Geo Mashup Plugin

Subscriber SQL Injection in Geo Mashup <= 1

2026-06-18
CVE-2026-48964
Analyzed
8.5
WordPress HelpDesk & Customer Ticketing System

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3

2026-06-16
CVE-2026-4896
Analyzed
8.1
WordPress is vulnerable

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct...

2026-04-04
CVE-2026-48889
Analyzed
8.8
WordPress Amelia Plugin

Subscriber Privilege Escalation in Amelia <= 2

2026-06-16
CVE-2026-48882
Analyzed
8.5
WordPress WP Time Slots Booking Form

Subscriber SQL Injection in WP Time Slots Booking Form <= 1

2026-06-16
CVE-2026-48879
Analyzed
9.8
WordPress AIWU

The AIWU plugin for WordPress is vulnerable to privilege escalation due to incorrect privilege assignment.

2026-06-02
CVE-2026-48874
Analyzed
8.5
WordPress GamiPress

Subscriber SQL Injection in GamiPress <= 7

2026-06-16
CVE-2026-4885
Analyzed
9.8
WordPress is vulnerable

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to insufficient extension filtering, enabling una...

2026-05-19
CVE-2026-4883
Analyzed
9.8
WordPress is vulnerable

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to insufficient file extension blacklisting, enabling remote code ex...

2026-05-20
CVE-2026-4882
Analyzed
9.8
WordPress is vulnerable

The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads, potentially leading to remote code execution.

2026-05-02
CVE-2026-4880
Analyzed
9.8
WordPress is vulnerable

The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege e...

2026-04-16
CVE-2026-4834
Analyzed
7.5
WordPress is vulnerable

The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1

2026-05-22
CVE-2026-4803
Analyzed
7.2
WordPress is vulnerable

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the wpr_update_form_action_...

2026-05-05
CVE-2026-4758
8.8
WordPress is vulnerable

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfiel...

2026-03-26
CVE-2026-47365
Analyzed
9.9
WordPress WordPress Toolkit

An argument injection vulnerability in WordPress Toolkit allows authenticated users to bypass cross-tenant authorization and execute arbitrary CLI com...

2026-06-12
CVE-2026-4662
7.5
WordPress is vulnerable

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all versions up to, and including, 3

2026-03-24
CVE-2026-4659
7.5
WordPress is vulnerable

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up...

2026-04-17
CVE-2026-4484
Analyzed
9.8
WordPress is vulnerable

The Masteriyo LMS plugin for WordPress allows authenticated Student-level users to escalate their privileges to Administrator via the InstructorsContr...

2026-03-26
CVE-2026-4388
7.2
WordPress is vulnerable

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissio...

2026-04-14
CVE-2026-4373
7.5
WordPress is vulnerable

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3

2026-03-22
CVE-2026-4365
Analyzed
9.1
WordPress is vulnerable

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` fu...

2026-04-14
CVE-2026-4352
7.5
WordPress is vulnerable

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, an...

2026-04-14
CVE-2026-4351
8.1
WordPress is vulnerable

The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2

2026-04-10
CVE-2026-4350
Analyzed
8.1
WordPress is vulnerable

The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2

2026-04-03
CVE-2026-4347
8.1
WordPress is vulnerable

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' f...

2026-04-02
CVE-2026-4326
8.8
WordPress is vulnerable

The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1

2026-04-09
CVE-2026-4314
Analyzed
8.8
WordPress Toolkit

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3

2026-03-22
CVE-2026-4306
7.5
WordPress is vulnerable

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2

2026-03-24
CVE-2026-4304
Analyzed
7.5
WordPress is vulnerable

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3

2026-05-06
CVE-2026-4302
7.2
WordPress is vulnerable

The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

2026-03-22
CVE-2026-4297
Analyzed
8.8
WordPress Welcome Software Publishing Plugin

The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in all versions up to and including 0

2026-06-24
CVE-2026-4283
Analyzed
9.1
WordPress is vulnerable

The WP DSGVO Tools (GDPR) plugin for WordPress allows unauthenticated attackers to permanently destroy non-administrator accounts by bypassing the ema...

2026-03-24
CVE-2026-42680
Analyzed
9.8
WordPress Contest Gallery Pro

Contest Gallery Pro for WordPress contains an incorrect privilege assignment vulnerability that allows privilege escalation.

2026-06-02
CVE-2026-4267
7.2
WordPress plugin for

The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['RE...

2026-04-01
CVE-2026-42629
Analyzed
8.8
WordPress PowerPack Pro for Elementor

Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2

2026-06-18
CVE-2026-4261
8.8
WordPress is vulnerable

The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1

2026-03-21
CVE-2026-4259
Analyzed
7.1
WordPress Ultimate WooCommerce Auction Pro

The ultimate-woocommerce-auction-pro WordPress plugin through 2

2026-06-23
CVE-2026-4257
Analyzed
9.8
WordPress is vulnerable

The Contact Form by Supsystic plugin for WordPress is vulnerable to unauthenticated Remote Code Execution via Server-Side Template Injection in the Tw...

2026-03-31
CVE-2026-4248
8
WordPress is vulnerable

The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2

2026-03-28
CVE-2026-42411
Analyzed
8.1
WordPress CloudSecure WP Security

Unauthenticated Broken Authentication in CloudSecure WP Security <= 1

2026-06-16
CVE-2026-4162
7.1
WordPress is vulnerable

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2

2026-04-12
CVE-2026-41471
7.5
WordPress versions

Easy PayPal Events & Tickets plugin for WordPress versions 1

2026-05-05
CVE-2026-4132
7.2
WordPress is vulnerable

The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to an...

2026-04-24
CVE-2026-4119
Analyzed
9.1
WordPress is vulnerable

The Create DB Tables plugin for WordPress is vulnerable to authorization bypass, allowing authenticated attackers to drop or create database tables.

2026-04-23
CVE-2026-4100
7.1
WordPress is vulnerable

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all version...

2026-05-04
CVE-2026-4094
8.1
WordPress is vulnerable

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability chec...

2026-05-16
CVE-2026-40772
Analyzed
10
WordPress GeekyBot Plugin

The GeekyBot WordPress plugin is susceptible to an unauthenticated arbitrary file upload vulnerability, which can lead to remote code execution.

2026-06-16
CVE-2026-4062
7.5
WordPress is vulnerable

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions...

2026-05-03
CVE-2026-4061
7.5
WordPress is vulnerable

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including,...

2026-05-03
CVE-2026-4060
7.5
WordPress is vulnerable

The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1

2026-05-03
CVE-2026-4038
Analyzed
9.8
WordPress is vulnerable

The Aimogen Pro plugin for WordPress allows unauthenticated arbitrary function calls. Attackers can exploit this to change the default user role to ad...

2026-03-20
CVE-2026-4030
8.1
WordPress plugin for

The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up to, and inclu...

2026-05-16
CVE-2026-4021
8.1
WordPress is vulnerable

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and includ...

2026-03-24
CVE-2026-4020
7.5
WordPress is vulnerable

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2

2026-03-31
CVE-2026-4003
Analyzed
9.8
WordPress is vulnerable

The Users manager – PN WordPress plugin contains a privilege escalation flaw allowing unauthenticated attackers to modify arbitrary user metadata.

2026-04-08
CVE-2026-3985
Analyzed
7.5
WordPress is vulnerable

The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' paramet...

2026-05-20
CVE-2026-39591
Analyzed
9.9
WordPress WP-BusinessDirectory

An arbitrary file upload vulnerability exists in the WP-BusinessDirectory plugin for WordPress, allowing attackers to upload malicious files.

2026-06-16
CVE-2026-39587
Analyzed
8.1
WordPress WP BASE Booking

Unauthenticated Privilege Escalation in WP BASE Booking <= 5

2026-06-16
CVE-2026-39583
Analyzed
9.8
WordPress Ecommerce Delivery

An unauthenticated privilege escalation vulnerability exists in the Datalogics Ecommerce Delivery WordPress plugin, allowing attackers to gain adminis...

2026-06-16
CVE-2026-39581
Analyzed
8.5
WordPress WP Sessions Time Monitoring Full Automatic

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1

2026-06-17
CVE-2026-39579
Analyzed
8.8
WordPress B Blocks

Contributor Privilege Escalation in B Blocks <= 2

2026-06-16
CVE-2026-39531
Analyzed
9.3
WordPress WP Directory Kit

The WP Directory Kit plugin for WordPress is vulnerable to Blind SQL Injection, allowing attackers to extract sensitive database information.

2026-05-22
CVE-2026-39502
Analyzed
9.3
WordPress Form Maker

The Form Maker by 10Web plugin for WordPress is vulnerable to unauthenticated SQL injection, allowing attackers to extract information from the databa...

2026-06-16
CVE-2026-39492
Analyzed
9.3
WordPress WP Maps Plugin

The WP Maps plugin for WordPress is vulnerable to unauthenticated SQL injection, enabling attackers to extract sensitive information from the database...

2026-06-16
CVE-2026-39441
Analyzed
9.3
WordPress Feed KuantoKusta for WooCommerce

The Feed KuantoKusta for WooCommerce plugin contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate databas...

2026-06-16
CVE-2026-3891
Analyzed
9.8
WordPress is vulnerable

The Pix for WooCommerce WordPress plugin (up to 1.5.0) is vulnerable to unauthenticated arbitrary file uploads due to missing capability checks and fi...

2026-03-14
CVE-2026-3844
Analyzed
9.8
WordPress is vulnerable

The Breeze Cache plugin for WordPress is vulnerable to unauthenticated arbitrary file uploads via the Gravatar fetching function.

2026-04-23
CVE-2026-3830
8.6
WordPress plugin before

The Product Filter for WooCommerce by WBW WordPress plugin before 3

2026-04-14
CVE-2026-3772
8.8
WordPress is vulnerable

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1

2026-05-02
CVE-2026-3666
Analyzed
8.8
WordPress is vulnerable

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2

2026-04-05
CVE-2026-3658
7.5
WordPress is vulnerable

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' pa...

2026-03-20
CVE-2026-3655
Analyzed
9.8
WordPress OTP Login With Phone Number, OTP Verification Plugin

The OTP Login With Phone Number plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to hijack user account...

2026-05-29
CVE-2026-3643
7.2
WordPress is vulnerable

The Accessibly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API in all versions up to, and including, 3

2026-04-17
CVE-2026-3629
Analyzed
8.1
WordPress is vulnerable

The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1

2026-03-22
CVE-2026-3614
8.8
WordPress is vulnerable

The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions From 9

2026-04-16
CVE-2026-3599
7.5
WordPress is vulnerable

The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-jso...

2026-04-17
CVE-2026-3596
Analyzed
9.8
WordPress is vulnerable

The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin regist...

2026-04-16
CVE-2026-3589
7.5
WordPress plugin from

The WooCommerce WordPress plugin from versions 5

2026-03-07
CVE-2026-3584
Analyzed
9.8
WordPress is vulnerable

The Kali Forms WordPress plugin is vulnerable to Remote Code Execution (RCE) via the form_process function, allowing unauthenticated attackers to exec...

2026-03-21
CVE-2026-3533
8.8
WordPress is vulnerable

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as wel...

2026-03-24
CVE-2026-3499
8.8
WordPress is vulnerable

The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in v...

2026-04-08
CVE-2026-34901
Analyzed
9.8
WordPress iControlWP

iControlWP contains an unauthenticated privilege escalation vulnerability that allows remote attackers to gain elevated access to the system.

2026-06-16
CVE-2026-3489
7.5
WordPress is vulnerable

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in...

2026-04-17
CVE-2026-3478
7.2
WordPress is vulnerable

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

2026-03-22
CVE-2026-3464
8.8
WordPress is vulnerable

The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_atta...

2026-04-18
CVE-2026-3461
Analyzed
9.8
WordPress is vulnerable

The Visa Acceptance Solutions plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.1.0. This is due to...

2026-04-16
CVE-2026-3459
8.1
WordPress is vulnerable

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type val...

2026-03-06
CVE-2026-3456
Analyzed
7.5
WordPress is vulnerable

The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via the 'attributek...

2026-05-05
CVE-2026-3453
8.1
WordPress is vulnerable

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4

2026-03-11
CVE-2026-3445
Analyzed
7.1
WordPress is vulnerable

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vuln...

2026-04-05
CVE-2026-34424
Analyzed
9.8
WordPress and Joomla

Smart Slider 3 Pro 3.5.1.35 contains a critical remote access toolkit vulnerability that allows unauthenticated attackers to execute arbitrary code an...

2026-04-10
CVE-2026-3425
8.8
WordPress is vulnerable

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2

2026-05-14
CVE-2026-3368
7.2
WordPress is vulnerable

The Injection Guard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via malicious query parameter names in all versions up to and in...

2026-03-22
CVE-2026-3360
7.5
WordPress is vulnerable

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to,...

2026-04-11
CVE-2026-3359
Analyzed
7.5
WordPress is vulnerable

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parame...

2026-05-06
CVE-2026-3334
8.8
WordPress is vulnerable

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in...

2026-03-21
CVE-2026-3326
Analyzed
8.6
WordPress Xstore WordPress theme

The Xstore WordPress theme before 9

2026-06-11
CVE-2026-32834
7.5
WordPress version

Easy PayPal Events & Tickets plugin for WordPress version 1

2026-05-05
CVE-2026-32573
Analyzed
9.1
WordPress Nelio AB Testing

Nelio AB Testing plugin for WordPress contains a code injection vulnerability. This allows remote attackers to execute arbitrary code by exploiting im...

2026-03-26
CVE-2026-3243
8.8
WordPress is vulnerable

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop...

2026-04-09
CVE-2026-3220
Analyzed
8.8
WordPress plugin before

The Autoptimize WordPress plugin before 3

2026-05-19
CVE-2026-3180
7.5
WordPress is vulnerable

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLost...

2026-03-03
CVE-2026-3132
8.8
WordPress is vulnerable

The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2

2026-03-03
CVE-2026-3124
Analyzed
7.5
WordPress is vulnerable

The Download Monitor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5

2026-03-30
CVE-2026-3090
7.2
WordPress is vulnerable

The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable t...

2026-03-19
CVE-2026-3045
Analyzed
7.5
WordPress is vulnerable

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all ver...

2026-03-14
CVE-2026-3003
7.2
WordPress is vulnerable

The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vagaro_code’ parameter in all versions up to, and...

2026-03-22
CVE-2026-2992
8.2
WordPress is vulnerable

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the...

2026-03-19
CVE-2026-2991
Analyzed
9.8
WordPress is vulnerable

The KiviCare EHR plugin for WordPress suffers from an authentication bypass in its social login function, allowing unauthenticated attackers to log in...

2026-03-19
CVE-2026-2942
Analyzed
9.8
WordPress is vulnerable

The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation, enabling potential Remote...

2026-04-09
CVE-2026-2941
8.8
WordPress is vulnerable

The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy...

2026-03-21
CVE-2026-2936
Analyzed
7.2
WordPress is vulnerable

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versi...

2026-04-05
CVE-2026-2931
8.8
WordPress is vulnerable

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9

2026-03-26
CVE-2026-2892
7.5
WordPress is vulnerable

The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3

2026-05-01
CVE-2026-2890
Analyzed
7.5
WordPress is vulnerable

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6

2026-03-14
CVE-2026-28562
Analyzed
8.2
WordPress database

wpForo 2

2026-03-01
CVE-2026-27938
7.7
WordPress sites

WPGraphQL provides a GraphQL API for WordPress sites

2026-02-26
CVE-2026-27542
Analyzed
9.8
WordPress Woocommerce Wholesale Lead Capture

The Woocommerce Wholesale Lead Capture plugin is vulnerable to incorrect privilege assignment, which allows attackers to escalate their privileges wit...

2026-03-19
CVE-2026-27419
Analyzed
9.9
WordPress Zegen

An arbitrary file upload vulnerability in Zozothemes Zegen allows authenticated attackers to execute malicious code.

2026-07-03
CVE-2026-27096
8.1
WordPress Theme allows

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection

2026-03-19
CVE-2026-2631
Analyzed
9.8
WordPress plugin before

The Datalogics Ecommerce Delivery plugin for WordPress before 2.6.60 contains an unauthenticated REST endpoint vulnerability allowing remote attackers...

2026-03-12
CVE-2026-2626
8.1
WordPress plugin before

The divi-booster WordPress plugin before 5

2026-03-12
CVE-2026-2592
Analyzed
7.7
WordPress is vulnerable

The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and...

2026-02-17
CVE-2026-25863
Analyzed
7.5
WordPress plugin through

Conditional Fields for Contact Form 7 WordPress plugin through version 2

2026-05-05
CVE-2026-2579
7.5
WordPress is vulnerable

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all ve...

2026-03-17
CVE-2026-2576
7.5
WordPress plugin for

The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment...

2026-02-18
CVE-2026-2568
7.2
WordPress is vulnerable

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...

2026-03-04
CVE-2026-2554
8.1
WordPress is vulnerable

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct...

2026-05-03
CVE-2026-25470
Analyzed
10
WordPress ACPT (Pro) - Custom Post Types Plugin

An improper code injection vulnerability in the ACPT (Pro) plugin for WordPress allows unauthenticated remote attackers to execute arbitrary code.

2026-06-18
CVE-2026-2511
7.5
WordPress is vulnerable

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `s...

2026-03-28
CVE-2026-2495
7.5
WordPress is vulnerable

The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'orde...

2026-02-18
CVE-2026-2468
7.5
WordPress is vulnerable

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to, and including, 1

2026-03-22
CVE-2026-2448
8.8
WordPress is vulnerable

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2

2026-03-03
CVE-2026-2446
Analyzed
9.8
WordPress plugin before

The PowerPack for LearnDash WordPress plugin before 1.3.0 lacks authorization and CSRF checks in an AJAX action, allowing unauthenticated users to cre...

2026-03-07
CVE-2026-2440
7.2
WordPress is vulnerable

The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2

2026-03-22
CVE-2026-2428
7.5
WordPress is vulnerable

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and inclu...

2026-02-27
CVE-2026-2416
7.5
WordPress is vulnerable

The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1

2026-02-25
CVE-2026-23693
Analyzed
10
WordPress plugin versions

The ElementsKit Lite plugin for WordPress exposes a REST endpoint without authentication, allowing unauthenticated attackers to use the site as an ope...

2026-02-24
CVE-2026-2365
7.2
WordPress is vulnerable

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all ver...

2026-03-05
CVE-2026-2296
7.2
WordPress is vulnerable

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, an...

2026-02-18
CVE-2026-22850
Analyzed
8.3
WordPress Multiple Products

Koko Analytics is an open-source analytics plugin for WordPress

2026-01-20
CVE-2026-2279
7.2
WordPress is vulnerable

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort_by' and 'sort_order' parameters in all versions up to, and including...

2026-03-22
CVE-2026-2269
7.2
WordPress is vulnerable

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request For...

2026-03-03
CVE-2026-2262
7.5
WordPress is vulnerable

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3

2026-04-18
CVE-2026-22383
Analyzed
7.5
WordPress Theme pawfriends

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows...

2026-02-21
CVE-2026-22343
Analyzed
8.6
WordPress Dating Theme

Unauthenticated Broken Access Control in WordPress Dating Theme <= 11

2026-06-18
CVE-2026-22342
Analyzed
8.8
WordPress Dating Theme

Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11

2026-06-18
CVE-2026-2232
7.5
WordPress is vulnerable

The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in a...

2026-02-20
CVE-2026-2144
Analyzed
8.1
WordPress is vulnerable

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2

2026-02-14
CVE-2026-2052
8.8
WordPress is vulnerable

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Executio...

2026-05-02
CVE-2026-2025
7.5
WordPress plugin before

The Mail Mint WordPress plugin before 1

2026-03-05
CVE-2026-2024
Analyzed
7.5
WordPress is vulnerable

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0

2026-02-14
CVE-2026-2019
7.2
WordPress is vulnerable

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1

2026-02-18
CVE-2026-2001
Analyzed
8.8
WordPress is vulnerable

The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install_activa...

2026-02-17
CVE-2026-1994
Analyzed
9.8
WordPress is vulnerable

The s2Member plugin for WordPress allows unauthenticated privilege escalation via account takeover due to insufficient identity validation during pass...

2026-02-20
CVE-2026-1988
Analyzed
7.5
WordPress is vulnerable

The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2026-02-14
CVE-2026-1947
7.5
WordPress plugin for

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and...

2026-03-17
CVE-2026-1945
7.2
WordPress is vulnerable

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_email' parameters in all versions...

2026-03-04
CVE-2026-1937
Analyzed
9.8
WordPress is vulnerable

The YayMail plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on an AJAX action, allowing authenticated att...

2026-02-18
CVE-2026-1931
7.2
WordPress is vulnerable

The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0

2026-02-18
CVE-2026-1929
8.8
WordPress is vulnerable

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2

2026-02-25
CVE-2026-1916
7.5
WordPress is vulnerable

The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks a...

2026-02-25
CVE-2026-1843
Analyzed
7.2
WordPress is vulnerable

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5

2026-02-14
CVE-2026-1830
Analyzed
9.8
WordPress is vulnerable

The Quick Playground plugin for WordPress contains an RCE vulnerability due to insufficient authorization on REST API endpoints, allowing unauthentica...

2026-04-09
CVE-2026-1829
Analyzed
8.8
WordPress Content Visibility for Divi Builder

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4

2026-06-03
CVE-2026-1800
7.5
WordPress is vulnerable

The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions...

2026-03-22
CVE-2026-1779
8.1
WordPress is vulnerable

The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5

2026-02-26
CVE-2026-1756
Analyzed
8.8
WordPress is vulnerable

The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::fi...

2026-02-04
CVE-2026-1750
Analyzed
8.8
WordPress is vulnerable

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7

2026-02-15
CVE-2026-1730
Analyzed
8.8
WordPress Multiple Products

The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::...

2026-02-03
CVE-2026-1729
Analyzed
9.8
WordPress is vulnerable

The AdForest WordPress theme (<= 6.0.12) is vulnerable to authentication bypass via the sb_login_user_with_otp_fun function, allowing attackers to log...

2026-02-12
CVE-2026-1720
8.8
WordPress is vulnerable

The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrar...

2026-03-06
CVE-2026-1719
Analyzed
7.5
WordPress is vulnerable

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2

2026-05-06
CVE-2026-1714
8.6
WordPress is vulnerable

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abu...

2026-02-18
CVE-2026-1648
7.2
WordPress is vulnerable

The Performance Monitor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

2026-03-22
CVE-2026-1620
8.8
WordPress is vulnerable

The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9

2026-04-16
CVE-2026-1581
7.5
WordPress is vulnerable

The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpfob' parameter in all versions up to, and including, 2

2026-02-20
CVE-2026-1566
8.8
WordPress is vulnerable

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in a...

2026-03-03
CVE-2026-1565
8.8
WordPress is vulnerable

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrar...

2026-02-27
CVE-2026-1560
8.8
WordPress is vulnerable

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4

2026-02-11
CVE-2026-1557
7.5
WordPress is vulnerable

The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1

2026-02-26
CVE-2026-1555
Analyzed
9.8
WordPress is vulnerable

The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the io_img_upload() function in all ve...

2026-04-16
CVE-2026-1499
Analyzed
9.8
WordPress is vulnerable

The WP Duplicate plugin for WordPress allows authenticated subscribers to trigger a chain of vulnerabilities leading to unauthenticated remote code ex...

2026-02-06
CVE-2026-1492
Analyzed
9.8
WordPress is vulnerable

The RegistrationMagic WordPress plugin allows unauthenticated attackers to create administrator accounts by exploiting improper privilege management d...

2026-03-03
CVE-2026-1490
Analyzed
9.8
WordPress is vulnerable

The CleanTalk Anti-Spam plugin for WordPress allows unauthenticated attackers to install arbitrary plugins via PTR record spoofing, potentially leadin...

2026-02-15
CVE-2026-1463
8.8
WordPress is vulnerable

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, an...

2026-03-19
CVE-2026-14345
Analyzed
9.8
WordPress WPFunnels – Funnel Builder for WooCommerce

The WPFunnels WordPress plugin is vulnerable to unauthenticated remote code execution due to improper sanitization of log data combined with unsafe fi...

2026-07-07
CVE-2026-1405
Analyzed
9.8
WordPress is vulnerable

The Slider Future plugin for WordPress allows unauthenticated arbitrary file uploads, which can be leveraged to achieve remote code execution on the s...

2026-02-20
CVE-2026-1400
Analyzed
7.2
WordPress Multiple Products

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type valid...

2026-01-28
CVE-2026-1375
Analyzed
8.1
WordPress Multiple Products

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up...

2026-02-03
CVE-2026-1368
7.5
WordPress plugin before

The Video Conferencing with Zoom WordPress plugin before 4

2026-02-19
CVE-2026-1357
Analyzed
9.8
WordPress is vulnerable

The WPvivid Backup & Migration plugin for WordPress allows unauthenticated remote code execution via arbitrary file uploads due to improper RSA error...

2026-02-11
CVE-2026-13468
Analyzed
7.5
WordPress Visualizer

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to,...

2026-07-01
CVE-2026-13228
Analyzed
8.8
WordPress Calendar Booking Plugin

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in ver...

2026-07-02
CVE-2026-1321
8.1
WordPress is vulnerable

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3

2026-03-05
CVE-2026-1320
7.2
WordPress is vulnerable

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTT...

2026-02-14
CVE-2026-1316
7.2
WordPress is vulnerable

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[]

2026-02-14
CVE-2026-1313
8.3
WordPress is vulnerable

The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3

2026-03-21
CVE-2026-1311
8.8
WordPress is vulnerable

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0

2026-02-26
CVE-2026-1306
Analyzed
9.8
WordPress is vulnerable

The midi-Synth WordPress plugin allows unauthenticated arbitrary file uploads via the 'export' AJAX action, potentially leading to remote code executi...

2026-02-14
CVE-2026-1294
7.2
WordPress is vulnerable

The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

2026-02-06
CVE-2026-12923
Analyzed
7.5
WordPress Youtube Showcase

The Youtube Showcase plugin for WordPress is vulnerable to Arbitrary Function Call in versions up to and including 4

2026-07-01
CVE-2026-1280
Analyzed
7.5
WordPress Multiple Products

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_...

2026-01-29
CVE-2026-1273
7.2
WordPress is vulnerable

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all ver...

2026-03-04
CVE-2026-1257
Analyzed
7.5
WordPress Multiple Products

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0

2026-01-24
CVE-2026-12417
Analyzed
9.8
WordPress SignUp & SignIn

The Pravel SignUp & SignIn WordPress plugin contains an authentication bypass vulnerability allowing unauthenticated attackers to reset any user passw...

2026-06-24
CVE-2026-12416
Analyzed
9.8
WordPress Invoice Generator

The Invoice Generator WordPress plugin contains an account takeover vulnerability via an insecure password reset function that allows unauthenticated...

2026-06-24
CVE-2026-12415
Analyzed
9.8
WordPress Invoice Generator

The Invoice Generator plugin for WordPress is vulnerable to unauthenticated privilege escalation, allowing attackers to modify arbitrary user accounts...

2026-06-27
CVE-2026-12407
Analyzed
8.8
WordPress Export Pdf Tool for WordPress

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1

2026-06-18
CVE-2026-1239
Analyzed
7.5
WordPress Ninja Forms

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to unauthorized access of data due to a missing auth...

2026-07-01
CVE-2026-1238
7.2
WordPress is vulnerable

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' (fingerprint) parameter in all versions up to, a...

2026-03-19
CVE-2026-1233
Analyzed
7.5
WordPress is vulnerable

The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and incl...

2026-04-05
CVE-2026-12240
Analyzed
8
WordPress Export User Data Plugin

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize functio...

2026-06-30
CVE-2026-12224
Analyzed
8.8
WordPress Dokan Pro

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via update_capabilities REST Endpoint in all versions up to, and including, 5

2026-07-01
CVE-2026-12165
Analyzed
8.8
WordPress Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all version...

2026-06-18
CVE-2026-1216
7.2
WordPress is vulnerable

The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and includ...

2026-02-18
CVE-2026-12158
Analyzed
8.8
WordPress RegistrationMagic – User Registration Forms Plugin

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and inc...

2026-07-01
CVE-2026-12083
Analyzed
8.1
WordPress Admin and Site Enhancements (ASE)

The Admin and Site Enhancements (ASE) WordPress plugin before 8

2026-07-07
CVE-2026-12073
Analyzed
9.8
WordPress ProfileGrid – User Profiles, Groups and Communities

The ProfileGrid WordPress plugin is vulnerable to unauthenticated account takeover due to improper validation of registration parameters, allowing att...

2026-06-30
CVE-2026-11962
Analyzed
8.8
WordPress FileOrganizer

The FileOrganizer WordPress plugin before 1

2026-07-07
CVE-2026-11855
Analyzed
8.8
WordPress Simple Membership

The Simple Membership WordPress plugin before 4

2026-07-07
CVE-2026-11823
Analyzed
7.5
WordPress BookingPress Appointment Booking Pro

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'store_service_date' parameter of the bpa_assign_...

2026-07-01
CVE-2026-11766
Analyzed
8
WordPress Ultimate Member

The Ultimate Member WordPress plugin before 2

2026-07-07
CVE-2026-11616
Analyzed
8.8
WordPress Events Calendar for GeoDirectory Plugin

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2

2026-06-10
CVE-2026-11590
Analyzed
8.6
WordPress WP Support Plus Responsive Ticket System

The WP Support Plus Responsive Ticket System WordPress plugin through 9

2026-07-01
CVE-2026-11589
Analyzed
8.8
WordPress WP Support Plus Responsive Ticket System

The WP Support Plus Responsive Ticket System WordPress plugin through 9

2026-07-01
CVE-2026-11551
Analyzed
9.8
WordPress Branda

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover, allowing unauthenticated attackers to change any user's pa...

2026-06-21
CVE-2026-11387
Analyzed
9.8
WordPress SMS Alert – SMS & OTP for WooCommerce

The SMS Alert plugin for WordPress contains an account takeover vulnerability allowing unauthenticated attackers to reset administrator passwords via...

2026-07-01
CVE-2026-1104
8.8
WordPress Migration

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missin...

2026-02-13
CVE-2026-10830
Analyzed
8.8
WordPress AllCoach

The AllCoach WordPress plugin before 1

2026-07-07
CVE-2026-1074
7.2
WordPress is vulnerable

The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'app-bar-features' parameter in all versions up to, and inclu...

2026-03-08
CVE-2026-1065
Analyzed
7.2
WordPress Multiple Products

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1

2026-02-03
CVE-2026-10580
Analyzed
9.8
WordPress Hippoo Mobile App for WooCommerce

The Hippoo Mobile App for WooCommerce plugin for WordPress contains an authentication bypass flaw that allows unauthenticated attackers to take over a...

2026-06-06
CVE-2026-1058
Analyzed
7.1
WordPress Multiple Products

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1

2026-02-03
CVE-2026-10083
Analyzed
7.5
WordPress APCu Manager Plugin

The APCu Manager WordPress plugin before 4

2026-06-30
CVE-2026-0974
8.8
WordPress Restaurant Online

The Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin plugin for WordPress is vulnerable to unauthorized plugin install...

2026-02-20
CVE-2026-0953
Analyzed
9.8
WordPress is vulnerable

An authentication bypass in the Tutor LMS Pro plugin for WordPress allows unauthenticated attackers to log in as any user, including administrators, v...

2026-03-11
CVE-2026-0926
Analyzed
9.8
WordPress is vulnerable

The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion (LFI) via the 'template_name' parameter, enabling unauthenticated RCE.

2026-02-20
CVE-2026-0920
Analyzed
9.8
WordPress Multiple Products

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6...

2026-01-22
CVE-2026-0912
8.8
WordPress is vulnerable

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capab...

2026-02-20
CVE-2026-0911
Analyzed
7.5
WordPress Multiple Products

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type...

2026-01-25
CVE-2026-0845
7.2
WordPress is vulnerable

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized mo...

2026-02-10
CVE-2026-0844
Analyzed
8.8
WordPress Multiple Products

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6

2026-01-29
CVE-2026-0832
Analyzed
7.3
WordPress Multiple Products

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on m...

2026-01-28
CVE-2026-0807
Analyzed
7.2
WordPress Multiple Products

The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

2026-01-24
CVE-2026-0800
Analyzed
7.2
WordPress Multiple Products

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the c...

2026-01-25
CVE-2026-0753
Analyzed
7.2
WordPress is vulnerable

The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscf_name' parameter in all versions up to...

2026-02-14
CVE-2026-0745
Analyzed
7.2
WordPress is vulnerable

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

2026-02-14
CVE-2026-0740
Analyzed
9.8
WordPress is vulnerable

The Ninja Forms File Uploads plugin is vulnerable to unauthenticated arbitrary file uploads, potentially leading to remote code execution.

2026-04-07
CVE-2026-0702
Analyzed
7.5
WordPress Multiple Products

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versio...

2026-01-28
CVE-2026-0692
Analyzed
7.5
WordPress is vulnerable

The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3

2026-02-14
CVE-2026-0656
Analyzed
8.2
WordPress Multiple Products

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2

2026-01-08
CVE-2026-0617
Analyzed
7.2
WordPress Multiple Products

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer...

2026-02-03
CVE-2025-9993
Analyzed
8.1
WordPress Multiple Products

The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-09-30
CVE-2025-9991
Analyzed
8.1
WordPress Multiple Products

The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4

2025-09-30
CVE-2025-9990
Analyzed
8.1
WordPress Multiple Products

The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5

2025-09-05
CVE-2025-9967
Analyzed
9.8
WordPress Multiple Products

The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1...

2025-10-15
CVE-2025-9874
Analyzed
7.5
WordPress Multiple Products

The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-09-12
CVE-2025-9816
Analyzed
7.2
WordPress Multiple Products

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-...

2025-09-28
CVE-2025-9807
Analyzed
7.5
WordPress Multiple Products

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6

2025-09-12
CVE-2025-9762
Analyzed
9.8
WordPress Multiple Products

The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_attachments function in...

2025-09-30
CVE-2025-9697
Analyzed
9.8
WordPress Multiple Products

The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX act...

2025-10-02
CVE-2025-9693
Analyzed
8
WordPress Multiple Products

The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file...

2025-09-12
CVE-2025-9561
Analyzed
8.8
WordPress Multiple Products

The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within th...

2025-10-03
CVE-2025-9539
8
WordPress Multiple Products

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthor...

2025-09-09
CVE-2025-9515
Analyzed
7.2
WordPress Multiple Products

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in a...

2025-09-07
CVE-2025-9485
Analyzed
9.8
WordPress Multiple Products

The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to...

2025-10-05
CVE-2025-9343
Analyzed
7.2
WordPress Multiple Products

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket subjects in all v...

2025-12-21
CVE-2025-9334
Analyzed
8.8
WordPress Multiple Products

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including...

2025-11-09
CVE-2025-9321
Analyzed
9.8
WordPress Multiple Products

The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validat...

2025-09-23
CVE-2025-9286
Analyzed
9.8
WordPress Multiple Products

The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_pas...

2025-10-03
CVE-2025-9243
Analyzed
8.1
WordPress Multiple Products

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_ord...

2025-10-05
CVE-2025-9216
Analyzed
8.8
WordPress Multiple Products

The StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to arbitr...

2025-09-17
CVE-2025-9213
Analyzed
8.8
WordPress Multiple Products

The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1

2025-10-03
CVE-2025-9212
Analyzed
7.5
WordPress Multiple Products

The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wp_dispatcher_process_upload...

2025-10-03
CVE-2025-9209
Analyzed
9.8
WordPress Multiple Products

The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to...

2025-10-03
CVE-2025-9172
Analyzed
7.5
WordPress Multiple Products

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2

2025-08-26
CVE-2025-9114
Analyzed
9.8
WordPress Multiple Products

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.4.8. This is due to the plugin pro...

2025-09-08
CVE-2025-9113
Analyzed
9.8
WordPress Multiple Products

The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' func...

2025-09-08
CVE-2025-9112
Analyzed
8.8
WordPress Multiple Products

The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' func...

2025-09-08
CVE-2025-9073
Analyzed
7.5
WordPress Multiple Products

The All in one Minifier plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 3

2025-09-12
CVE-2025-9054
Analyzed
9.8
WordPress Multiple Products

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead...

2025-09-24
CVE-2025-9048
Analyzed
8.1
WordPress Multiple Products

The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call...

2025-08-24
CVE-2025-9018
Analyzed
8.8
WordPress Multiple Products

The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'tt_update_...

2025-09-12
CVE-2025-8901
Analyzed
9.8
WordPress Multiple Products

WordPress Bears Backup plugin is vulnerable to remote code execution in all versions up to 2.0.0 due to improper input validation in the backup restor...

2025-07-20
CVE-2025-8900
Analyzed
9.8
WordPress Multiple Products

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowin...

2025-11-04
CVE-2025-8899
8.8
WordPress is vulnerable

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and includi...

2026-03-07
CVE-2025-8898
9.8
WordPress Multiple Products

The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to...

2025-08-17
CVE-2025-8895
Analyzed
9.8
WordPress Multiple Products

The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and...

2025-08-21
CVE-2025-8877
Analyzed
7.5
WordPress Multiple Products

The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajax_get_affiliate_id_from_login function in all versions up to, and inclu...

2025-09-30
CVE-2025-8723
Analyzed
9.8
WordPress Multiple Products

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization...

2025-08-19
CVE-2025-8625
Analyzed
9.8
WordPress Multiple Products

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The pl...

2025-09-30
CVE-2025-8593
Analyzed
8.8
WordPress Multiple Products

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to authorization bypass in versions less than, or equal to, 1

2025-10-12
CVE-2025-8592
Analyzed
8.1
WordPress Multiple Products

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2

2025-08-21
CVE-2025-8575
Analyzed
7.2
WordPress Multiple Products

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' fun...

2025-09-12
CVE-2025-8572
Analyzed
9.8
WordPress is vulnerable

Truelysell Core plugin for WordPress is vulnerable to unauthenticated privilege escalation, allowing attackers to create administrator accounts by man...

2026-02-14
CVE-2025-8570
Analyzed
9.8
WordPress Multiple Products

The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the...

2025-09-12
CVE-2025-8565
Analyzed
8.1
WordPress Multiple Products

The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access...

2025-09-18
CVE-2025-8489
Analyzed
9.8
WordPress Multiple Products

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalati...

2025-10-31
CVE-2025-8425
Analyzed
8.8
WordPress Multiple Products

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing cap...

2025-09-12
CVE-2025-8422
Analyzed
7.5
WordPress Multiple Products

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1

2025-09-12
CVE-2025-8420
Analyzed
8.1
WordPress Multiple Products

The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2

2025-08-07
CVE-2025-8418
8.8
WordPress Multiple Products

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including,...

2025-08-12
CVE-2025-8359
Analyzed
9.8
WordPress Multiple Products

The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not pro...

2025-09-07
CVE-2025-8342
Analyzed
8.1
WordPress Multiple Products

The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty va...

2025-08-15
CVE-2025-8281
Analyzed
7.1
WordPress Multiple Products

The WP Talroo WordPress plugin through 2

2025-08-23
CVE-2025-8218
Analyzed
8.8
WordPress Multiple Products

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' paramete...

2025-08-19
CVE-2025-8213
Analyzed
7.2
WordPress Multiple Products

The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the...

2025-07-31
CVE-2025-8198
Analyzed
7.5
WordPress Multiple Products

The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and inclu...

2025-07-28
CVE-2025-8142
Analyzed
8.8
WordPress Multiple Products

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8

2025-08-17
CVE-2025-8141
Analyzed
8.8
WordPress Multiple Products

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delet...

2025-08-20
CVE-2025-8105
Analyzed
7.3
WordPress Multiple Products

The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8

2025-08-17
CVE-2025-8085
Analyzed
8.6
WordPress Multiple Products

The Ditty WordPress plugin before 3

2025-09-08
CVE-2025-8059
Analyzed
9.8
WordPress Multiple Products

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_reg...

2025-08-12
CVE-2025-8047
Analyzed
9.8
WordPress Multiple Products

The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license thtough v1.0 WordPress plugins load a JavaScript file which...

2025-08-14
CVE-2025-7955
Analyzed
9.8
WordPress Multiple Products

The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_log...

2025-08-28
CVE-2025-7852
Analyzed
9.8
WordPress Multiple Products

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function ho...

2025-07-25
CVE-2025-7847
Analyzed
8.8
WordPress Multiple Products

The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function...

2025-07-31
CVE-2025-7846
Analyzed
8.8
WordPress Multiple Products

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fie...

2025-10-31
CVE-2025-7820
Analyzed
7.5
WordPress Multiple Products

The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1

2025-11-28
CVE-2025-7813
Analyzed
7.2
WordPress Multiple Products

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all...

2025-08-24
CVE-2025-7812
Analyzed
8.8
WordPress Multiple Products

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and in...

2025-08-28
CVE-2025-7782
Analyzed
7.6
WordPress Multiple Products

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check...

2025-12-21
CVE-2025-7778
Analyzed
9.8
WordPress Multiple Products

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within...

2025-08-15
CVE-2025-7725
Analyzed
7.2
WordPress Multiple Products

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, Ope...

2025-08-01
CVE-2025-7722
Analyzed
8.8
WordPress Multiple Products

The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1

2025-07-23
CVE-2025-7721
Analyzed
9.8
WordPress Multiple Products

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, a...

2025-10-03
CVE-2025-7718
Analyzed
8.8
WordPress Multiple Products

The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all ve...

2025-09-10
CVE-2025-7712
Analyzed
9.1
WordPress Multiple Products

The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip()...

2025-07-17
CVE-2025-7710
9.8
WordPress Multiple Products

The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due...

2025-08-04
CVE-2025-7695
Analyzed
8.8
WordPress Multiple Products

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_lin...

2025-07-25
CVE-2025-7692
Analyzed
8.1
WordPress Multiple Products

The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1

2025-07-23
CVE-2025-7689
Analyzed
8.8
WordPress Multiple Products

The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() f...

2025-07-29
CVE-2025-7670
Analyzed
7.5
WordPress Multiple Products

The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and inclu...

2025-08-19
CVE-2025-7667
Analyzed
8.1
WordPress Multiple Products

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1

2025-07-15
CVE-2025-7665
Analyzed
8.1
WordPress Multiple Products

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'han...

2025-09-19
CVE-2025-7664
Analyzed
7.5
WordPress Multiple Products

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission...

2025-08-17
CVE-2025-7654
Analyzed
8.8
WordPress Multiple Products

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode

2025-08-19
CVE-2025-7650
7.5
WordPress Multiple Products

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-08-15
CVE-2025-7645
Analyzed
8.1
WordPress Multiple Products

The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due...

2025-07-23
CVE-2025-7642
Analyzed
9.8
WordPress Multiple Products

The Simpler Checkout plugin for WordPress is vulnerable to Authentication Bypass in versions 0.7.0 to 1.1.9. This is due to the plugin not properly ve...

2025-08-24
CVE-2025-7641
7.5
WordPress Multiple Products

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /...

2025-08-15
CVE-2025-7640
Analyzed
8.1
WordPress Multiple Products

The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0

2025-07-25
CVE-2025-7634
Analyzed
9.8
WordPress Multiple Products

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,...

2025-10-09
CVE-2025-7526
Analyzed
9.8
WordPress Multiple Products

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion (via renaming) due t...

2025-10-09
CVE-2025-7443
Analyzed
8.1
WordPress Multiple Products

The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnera...

2025-08-01
CVE-2025-7441
9.8
WordPress Multiple Products

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs th...

2025-08-17
CVE-2025-7437
Analyzed
9.8
WordPress Multiple Products

The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function...

2025-07-25
CVE-2025-7402
Analyzed
7.5
WordPress Multiple Products

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘site_id’ para...

2025-11-25
CVE-2025-7366
Analyzed
7.3
WordPress Multiple Products

The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all v...

2025-09-07
CVE-2025-7360
Analyzed
9.1
WordPress Multiple Products

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving d...

2025-07-15
CVE-2025-7359
Analyzed
8.2
WordPress Multiple Products

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in th...

2025-07-16
CVE-2025-7341
Analyzed
9.1
WordPress Multiple Products

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion...

2025-07-15
CVE-2025-7340
Analyzed
9.8
WordPress Multiple Products

The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads...

2025-07-15
CVE-2025-7052
Analyzed
8.8
WordPress Multiple Products

The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5

2025-09-30
CVE-2025-7049
Analyzed
8.8
WordPress Multiple Products

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67

2025-09-10
CVE-2025-7040
Analyzed
8.2
WordPress Multiple Products

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_...

2025-09-07
CVE-2025-7038
Analyzed
8.2
WordPress Multiple Products

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the steps__load_step route...

2025-09-30
CVE-2025-7036
Analyzed
7.5
WordPress Multiple Products

The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1

2025-08-07
CVE-2025-6994
Analyzed
9.8
WordPress Multiple Products

The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to t...

2025-08-07
CVE-2025-6993
Analyzed
7.5
WordPress Multiple Products

The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX...

2025-07-16
CVE-2025-6991
Analyzed
7.5
WordPress Multiple Products

The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4

2025-07-28
CVE-2025-6990
Analyzed
8.8
WordPress Multiple Products

The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4

2025-11-01
CVE-2025-6989
Analyzed
8.1
WordPress Multiple Products

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in a...

2025-07-28
CVE-2025-6970
Analyzed
7.5
WordPress Multiple Products

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter...

2025-07-11
CVE-2025-6934
Analyzed
9.8
WordPress Multiple Products

The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vuln...

2025-07-06
CVE-2025-69338
Analyzed
9.3
WordPress Riode Core

The Riode Core plugin for WordPress is vulnerable to Blind SQL Injection due to improper neutralization of special elements, affecting versions up to...

2026-03-06
CVE-2025-69135
Analyzed
8.5
WordPress Events Schedule Plugin

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2

2026-06-18
CVE-2025-69129
Analyzed
10
WordPress WooCommerce Scraper Plugin

An unauthenticated arbitrary file upload vulnerability exists in the WordPress & WooCommerce Scraper Plugin, allowing attackers to upload malicious fi...

2026-06-18
CVE-2025-69094
Analyzed
8.5
WordPress Unicamp

Subscriber SQL Injection in Unicamp <= 2

2026-07-03
CVE-2025-6895
9.8
WordPress Multiple Products

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_...

2025-07-28
CVE-2025-68887
7.1
WordPress Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins...

2026-01-10
CVE-2025-68590
Analyzed
9.8
WordPress Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot...

2025-12-25
CVE-2025-68500
Analyzed
9.1
WordPress Multiple Products

Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request...

2025-12-25
CVE-2025-68496
Analyzed
9.8
WordPress Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allo...

2025-12-25
CVE-2025-6814
7.5
WordPress Multiple Products

The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in vers...

2025-07-06
CVE-2025-68063
Analyzed
7.5
WordPress Splash - Sport Club WordPress Theme

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4

2026-06-28
CVE-2025-6783
Analyzed
7.5
WordPress Multiple Products

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc() function in all versions up to, and...

2025-07-05
CVE-2025-6782
Analyzed
7.5
WordPress Multiple Products

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in all versions up...

2025-07-05
CVE-2025-6758
Analyzed
9.8
WordPress Multiple Products

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' functio...

2025-08-19
CVE-2025-6754
Analyzed
8.8
WordPress Multiple Products

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_...

2025-08-04
CVE-2025-6746
Analyzed
8.8
WordPress Multiple Products

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8

2025-07-08
CVE-2025-6691
Analyzed
8.1
WordPress Multiple Products

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path v...

2025-07-10
CVE-2025-6679
Analyzed
9.8
WordPress Multiple Products

The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and inclu...

2025-08-15
CVE-2025-66428
Analyzed
8.8
WordPress Multiple Products

An issue with WordPress directory names in WebPros WordPress Toolkit before 6

2026-01-24
CVE-2025-66078
Analyzed
9.1
WordPress Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote C...

2025-12-19
CVE-2025-6585
8.1
WordPress Multiple Products

The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7

2025-07-23
CVE-2025-6574
Analyzed
8.8
WordPress Multiple Products

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6

2025-11-01
CVE-2025-6553
Analyzed
9.8
WordPress Multiple Products

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_checkout()...

2025-10-12
CVE-2025-6495
Analyzed
7.5
WordPress Multiple Products

The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1

2025-07-29
CVE-2025-6463
Analyzed
8.8
WordPress Multiple Products

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insuffici...

2025-07-05
CVE-2025-6459
Analyzed
8.8
WordPress Multiple Products

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t...

2025-07-05
CVE-2025-6441
Analyzed
9.8
WordPress Multiple Products

The Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to...

2025-07-25
CVE-2025-6440
Analyzed
9.8
WordPress Multiple Products

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary...

2025-10-24
CVE-2025-6439
Analyzed
9.8
WordPress Multiple Products

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary...

2025-10-12
CVE-2025-6437
Analyzed
7.5
WordPress Multiple Products

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘oid’ parameter in all ve...

2025-07-05
CVE-2025-6389
Analyzed
9.8
WordPress Multiple Products

The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pag...

2025-11-26
CVE-2025-6388
Analyzed
9.8
WordPress Multiple Products

The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the cust...

2025-10-03
CVE-2025-6380
Analyzed
9.8
WordPress Multiple Products

The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in ve...

2025-07-25
CVE-2025-6366
Analyzed
8.8
WordPress Multiple Products

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2

2025-08-26
CVE-2025-6325
Analyzed
9.8
WordPress Multiple Products

Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects Ki...

2025-11-06
CVE-2025-62957
Analyzed
8.8
WordPress Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS

2025-10-28
CVE-2025-6254
Analyzed
9.8
WordPress Doctreat Core Plugin for WordPress

The Doctreat Core plugin for WordPress contains an unauthenticated privilege escalation vulnerability allowing attackers to register as administrators...

2026-06-11
CVE-2025-6238
8
WordPress Multiple Products

The AI Engine plugin for WordPress is vulnerable to open redirect in version 2

2025-07-06
CVE-2025-6213
Analyzed
7.2
WordPress Multiple Products

The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2

2025-07-23
CVE-2025-6207
Analyzed
7.5
WordPress Multiple Products

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_impor...

2025-08-05
CVE-2025-6190
Analyzed
8.8
WordPress Multiple Products

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX ha...

2025-07-23
CVE-2025-6187
Analyzed
9.8
WordPress Multiple Products

The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1....

2025-07-24
CVE-2025-6184
Analyzed
8.8
WordPress Multiple Products

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used...

2025-08-13
CVE-2025-6080
Analyzed
8.8
WordPress Multiple Products

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and inclu...

2025-08-17
CVE-2025-6079
Analyzed
8.8
WordPress Multiple Products

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hom...

2025-08-17
CVE-2025-6043
Analyzed
8.1
WordPress Multiple Products

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing...

2025-07-16
CVE-2025-6042
Analyzed
7.3
WordPress Multiple Products

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all...

2025-10-16
CVE-2025-6038
Analyzed
8.8
WordPress Multiple Products

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via pa...

2025-10-09
CVE-2025-6025
7.5
WordPress Multiple Products

The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1

2025-08-15
CVE-2025-60156
Analyzed
9.6
WordPress Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For W...

2025-09-26
CVE-2025-59563
Analyzed
8.8
WordPress Sonaar

Subscriber Privilege Escalation in Sonaar <= 4

2026-06-18
CVE-2025-5955
Analyzed
8.1
WordPress Multiple Products

The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2

2025-09-19
CVE-2025-5954
Analyzed
9.8
WordPress Multiple Products

The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2....

2025-08-01
CVE-2025-5953
Analyzed
8.8
WordPress Multiple Products

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee()...

2025-07-05
CVE-2025-5949
Analyzed
8.8
WordPress Multiple Products

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6

2025-11-01
CVE-2025-5948
Analyzed
9.8
WordPress Multiple Products

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0....

2025-09-19
CVE-2025-5947
Analyzed
9.8
WordPress Multiple Products

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including,...

2025-08-01
CVE-2025-5931
Analyzed
8.8
WordPress Multiple Products

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4

2025-08-26
CVE-2025-5821
Analyzed
9.8
WordPress Multiple Products

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin...

2025-08-24
CVE-2025-57977
Analyzed
7.1
WordPress Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce &amp; WordPress allows Cross Site Request Forgery

2025-09-22
CVE-2025-57919
Analyzed
7.2
WordPress Multiple Products

Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection

2025-09-22
CVE-2025-5746
Analyzed
9.8
WordPress Multiple Products

The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type valid...

2025-07-06
CVE-2025-5692
Analyzed
8.8
WordPress Multiple Products

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due...

2025-07-05
CVE-2025-5483
Analyzed
8.1
WordPress Multiple Products

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user

2025-11-08
CVE-2025-54677
Analyzed
9.1
WordPress Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malici...

2025-08-20
CVE-2025-54049
Analyzed
9.9
WordPress Multiple Products

Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n...

2025-08-20
CVE-2025-5397
Analyzed
9.8
WordPress Multiple Products

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_lo...

2025-10-31
CVE-2025-5396
Analyzed
9.8
WordPress Multiple Products

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_a...

2025-07-17
CVE-2025-5394
Analyzed
9.8
WordPress Multiple Products

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability ch...

2025-07-15
CVE-2025-5393
Analyzed
9.1
WordPress Multiple Products

The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path...

2025-07-15
CVE-2025-5391
Analyzed
8.1
WordPress Multiple Products

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_f...

2025-08-12
CVE-2025-5339
Analyzed
7.5
WordPress Multiple Products

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘bsa_pro_id’ p...

2025-07-05
CVE-2025-53243
Analyzed
8.1
WordPress Multiple Products

Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing &amp; Team Directory Plugin for WordPress allows...

2025-08-28
CVE-2025-53209
Analyzed
9.8
WordPress Masteriyo LMS PRO

Themeisle Masteriyo LMS PRO contains an incorrect privilege assignment vulnerability, allowing unauthenticated attackers to escalate their privileges...

2026-06-03
CVE-2025-52835
Analyzed
9.6
WordPress Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator allows Upload a Web Shell to a Web Server.This issue affects...

2025-12-31
CVE-2025-52731
7.5
WordPress Multiple Products

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configur...

2025-08-14
CVE-2025-5061
Analyzed
7.5
WordPress Multiple Products

The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_d...

2025-08-05
CVE-2025-5060
Analyzed
8.1
WordPress Multiple Products

The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1

2025-08-24
CVE-2025-5014
Analyzed
8.8
WordPress Multiple Products

The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in...

2025-07-05
CVE-2025-49887
Analyzed
9.9
WordPress Multiple Products

Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclu...

2025-08-14
CVE-2025-4946
Analyzed
8.1
WordPress Multiple Products

The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_med...

2025-07-05
CVE-2025-49382
Analyzed
8.8
WordPress Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme allows Privilege Escalation

2025-08-20
CVE-2025-4855
Analyzed
9.8
WordPress Multiple Products

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in t...

2025-07-10
CVE-2025-48353
Analyzed
7.1
WordPress Multiple Products

Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) allows Stored XSS

2025-08-28
CVE-2025-4828
Analyzed
9.8
WordPress Multiple Products

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete functio...

2025-07-10
CVE-2025-48101
Analyzed
8.8
WordPress Multiple Products

Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection

2025-09-09
CVE-2025-4796
Analyzed
8.8
WordPress Multiple Products

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4

2025-08-08
CVE-2025-47554
Analyzed
7.1
WordPress Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for Wor...

2025-07-16
CVE-2025-4689
Analyzed
9.8
WordPress Multiple Products

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code...

2025-07-06
CVE-2025-46500
Analyzed
7.1
WordPress Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner allows Reflect...

2025-07-16
CVE-2025-4606
Analyzed
9.8
WordPress Multiple Products

The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and in...

2025-07-10
CVE-2025-4521
8.8
WordPress is vulnerable

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capabili...

2026-02-20
CVE-2025-4519
Analyzed
8.8
WordPress Multiple Products

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capabili...

2025-11-08
CVE-2025-4381
Analyzed
7.5
WordPress Multiple Products

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the get...

2025-07-05
CVE-2025-4380
Analyzed
8.1
WordPress Multiple Products

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and...

2025-07-05
CVE-2025-4212
Analyzed
7.2
WordPress Multiple Products

The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, an...

2025-11-19
CVE-2025-39496
Analyzed
9.3
WordPress Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injec...

2025-08-28
CVE-2025-3848
Analyzed
8.8
WordPress Multiple Products

The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover i...

2025-07-05
CVE-2025-3671
Analyzed
8.8
WordPress Multiple Products

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67

2025-08-17
CVE-2025-36548
Analyzed
8.3
WordPress Multiple Products

A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14

2025-07-25
CVE-2025-31427
Analyzed
7.1
WordPress Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Busin...

2025-07-16
CVE-2025-31422
Analyzed
8.8
WordPress Multiple Products

Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme allows Object Injection

2025-07-16
CVE-2025-31072
Analyzed
7.1
WordPress Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consultin...

2025-07-16
CVE-2025-31055
Analyzed
7.1
WordPress Multiple Products

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service Word...

2025-07-16
CVE-2025-30996
Analyzed
9.9
WordPress Multiple Products

Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo...

2026-01-07
CVE-2025-2932
Analyzed
8.8
WordPress Multiple Products

The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler' funct...

2025-07-05
CVE-2025-29004
Analyzed
8.8
WordPress Multiple Products

Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing P...

2026-01-07
CVE-2025-28955
Analyzed
7.5
WordPress Multiple Products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce all...

2025-07-16
CVE-2025-28949
Analyzed
8.5
WordPress Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Fol...

2026-01-01
CVE-2025-2800
Analyzed
7.2
WordPress Multiple Products

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting...

2025-07-16
CVE-2025-24759
Analyzed
9.3
WordPress Multiple Products

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins...

2025-07-16
CVE-2025-15609
Analyzed
7.5
WordPress plugin before

The Fortis for WooCommerce WordPress plugin before 1

2026-05-20
CVE-2025-15521
Analyzed
9.8
WordPress Multiple Products

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover...

2026-01-21
CVE-2025-15484
Analyzed
9.1
WordPress plugin before

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides permission checks, granting unauthenticated users full read/write acces...

2026-04-02
CVE-2025-15403
Analyzed
9.8
WordPress Multiple Products

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'ad...

2026-01-17
CVE-2025-15396
Analyzed
7.1
WordPress Multiple Products

The Library Viewer WordPress plugin before 3

2026-02-03
CVE-2025-15386
8.8
WordPress plugin before

The Responsive Lightbox & Gallery WordPress plugin before 2

2026-02-25
CVE-2025-15380
Analyzed
7.2
WordPress Multiple Products

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin...

2026-01-21
CVE-2025-15368
Analyzed
8.8
WordPress is vulnerable

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2

2026-02-05
CVE-2025-15364
Analyzed
7.3
WordPress Multiple Products

The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3

2026-01-06
CVE-2025-15347
Analyzed
8.8
WordPress Multiple Products

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to...

2026-01-21
CVE-2025-15285
Analyzed
7.5
WordPress is vulnerable

The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogA...

2026-02-04
CVE-2025-15268
Analyzed
7.5
WordPress is vulnerable

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API action in all versions up to,...

2026-02-04
CVE-2025-15158
Analyzed
8.8
WordPress Multiple Products

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' f...

2026-01-08
CVE-2025-15157
Analyzed
8.8
WordPress plugin for

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to priv...

2026-02-14
CVE-2025-15100
Analyzed
8.8
WordPress is vulnerable

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2

2026-02-08
CVE-2025-15096
8.8
WordPress is vulnerable

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including...

2026-02-12
CVE-2025-15057
7.2
WordPress Multiple Products

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, a...

2026-01-09
CVE-2025-15055
7.2
WordPress Multiple Products

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up...

2026-01-09
CVE-2025-15030
Analyzed
9.8
WordPress Multiple Products

The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to res...

2026-02-03
CVE-2025-15027
Analyzed
9.8
WordPress is vulnerable

The JAY Login & Register plugin for WordPress allows unauthenticated privilege escalation to administrator by exploiting the 'jay_login_register_ajax_...

2026-02-08
CVE-2025-15018
Analyzed
9.8
WordPress Multiple Products

The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This...

2026-01-08
CVE-2025-15001
Analyzed
9.8
WordPress Multiple Products

The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0...

2026-01-06
CVE-2025-14998
Analyzed
9.8
WordPress Multiple Products

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due t...

2026-01-02
CVE-2025-14997
Analyzed
7.2
WordPress Multiple Products

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in t...

2026-01-06
CVE-2025-14996
Analyzed
9.8
WordPress Multiple Products

The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up...

2026-01-06
CVE-2025-14977
Analyzed
8.1
WordPress Multiple Products

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure...

2026-01-20
CVE-2025-14975
Analyzed
8.1
WordPress Multiple Products

The Custom Login Page Customizer WordPress plugin before 2

2026-01-30
CVE-2025-14937
7.2
WordPress Multiple Products

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acff' parameter in the 'frontend_admin/for...

2026-01-10
CVE-2025-14892
Analyzed
9.8
WordPress plugin through

The Prime Listing Manager plugin for WordPress contains a hardcoded secret that allows unauthenticated attackers to gain administrative access to the...

2026-02-13
CVE-2025-14868
8.8
WordPress is vulnerable

The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versi...

2026-04-16
CVE-2025-14866
Analyzed
8.8
WordPress Multiple Products

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1

2026-01-24
CVE-2025-14855
Analyzed
7.2
WordPress Multiple Products

The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2

2025-12-21
CVE-2025-14844
Analyzed
8.2
WordPress Multiple Products

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3

2026-01-17
CVE-2025-14835
7.1
WordPress Multiple Products

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and...

2026-01-08
CVE-2025-14829
Analyzed
9.1
WordPress Multiple Products

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This mak...

2026-01-14
CVE-2025-14804
Analyzed
7.7
WordPress Multiple Products

The Frontend File Manager Plugin WordPress plugin before 23

2026-01-08
CVE-2025-14800
Analyzed
8.1
WordPress Multiple Products

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_file_...

2025-12-21
CVE-2025-14741
Analyzed
9.1
WordPress Multiple Products

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a m...

2026-01-10
CVE-2025-14736
Analyzed
9.8
WordPress Multiple Products

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due...

2026-01-09
CVE-2025-14675
7.2
WordPress is vulnerable

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function...

2026-03-08
CVE-2025-14657
7.2
WordPress Multiple Products

The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data...

2026-01-09
CVE-2025-14610
Analyzed
7.2
WordPress Multiple Products

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1

2026-01-28
CVE-2025-14554
Analyzed
7.2
WordPress Multiple Products

The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX actio...

2026-02-01
CVE-2025-14533
Analyzed
9.8
WordPress Multiple Products

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is...

2026-01-20
CVE-2025-14478
Analyzed
7.5
WordPress Multiple Products

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2

2026-01-18
CVE-2025-14475
Analyzed
8.1
WordPress Multiple Products

The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-12-14
CVE-2025-14440
Analyzed
9.8
WordPress Multiple Products

The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrec...

2025-12-14
CVE-2025-14437
Analyzed
7.5
WordPress Multiple Products

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3

2025-12-20
CVE-2025-14436
Analyzed
7.2
WordPress Multiple Products

The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’ parameter in all versions up...

2026-01-09
CVE-2025-14397
Analyzed
8.8
WordPress Multiple Products

The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on...

2025-12-14
CVE-2025-14390
Analyzed
8.8
WordPress Multiple Products

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version <= 5

2025-12-11
CVE-2025-14386
Analyzed
8.8
WordPress Multiple Products

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authenticatio...

2026-01-29
CVE-2025-14383
Analyzed
7.5
WordPress Multiple Products

The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'dates_to_check' parameter in all versions up to, an...

2025-12-16
CVE-2025-14364
Analyzed
8.8
WordPress Multiple Products

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missin...

2025-12-19
CVE-2025-14353
7.5
WordPress is vulnerable

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1

2026-03-08
CVE-2025-14344
Analyzed
9.8
WordPress Multiple Products

The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pl...

2025-12-13
CVE-2025-14316
Analyzed
7.1
WordPress Multiple Products

The AhaChat Messenger Marketing WordPress plugin through 1

2026-01-27
CVE-2025-14169
Analyzed
7.5
WordPress Multiple Products

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter...

2025-12-13
CVE-2025-14156
Analyzed
9.8
WordPress Multiple Products

The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is d...

2025-12-16
CVE-2025-14124
Analyzed
8.6
WordPress Multiple Products

The Team WordPress plugin before 5

2026-01-06
CVE-2025-14070
7.5
WordPress Multiple Products

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX...

2026-01-08
CVE-2025-14068
Analyzed
7.5
WordPress Multiple Products

The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 0

2025-12-13
CVE-2025-14037
8.1
WordPress is vulnerable

The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1

2026-03-21
CVE-2025-14002
Analyzed
8.1
WordPress Multiple Products

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1

2025-12-17
CVE-2025-13999
Analyzed
7.2
WordPress Multiple Products

The HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all ver...

2025-12-20
CVE-2025-13886
Analyzed
7.5
WordPress Multiple Products

The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-12-13
CVE-2025-13851
Analyzed
9.8
WordPress site

The Buyent Classified plugin for WordPress allows unauthenticated attackers to register as administrators due to a lack of role validation during REST...

2026-02-20
CVE-2025-13801
Analyzed
7.5
WordPress Multiple Products

The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3

2026-01-08
CVE-2025-13764
Analyzed
9.8
WordPress Multiple Products

The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDe...

2025-12-12
CVE-2025-13724
Analyzed
7.5
WordPress Multiple Products

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all vers...

2025-12-03
CVE-2025-13692
Analyzed
7.2
WordPress Multiple Products

The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and...

2025-11-28
CVE-2025-13680
Analyzed
8.8
WordPress Multiple Products

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101

2025-11-28
CVE-2025-13673
Analyzed
7.5
WordPress is vulnerable

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versio...

2026-02-28
CVE-2025-13646
Analyzed
7.5
WordPress Multiple Products

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' fun...

2025-12-03
CVE-2025-13645
Analyzed
7.2
WordPress Multiple Products

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_fil...

2025-12-03
CVE-2025-13641
Analyzed
8.8
WordPress Multiple Products

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, an...

2025-12-19
CVE-2025-13619
Analyzed
9.8
WordPress Multiple Products

The Flex Store Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.0. This is due to the 'fsUse...

2025-12-20
CVE-2025-13618
Analyzed
9.8
WordPress is vulnerable

The Mentoring plugin for WordPress contains a privilege escalation vulnerability that allows unauthenticated attackers to register as administrators.

2026-05-05
CVE-2025-13615
Analyzed
9.8
WordPress Multiple Products

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the pl...

2025-12-01
CVE-2025-13614
Analyzed
8.1
WordPress Multiple Products

The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to...

2025-12-06
CVE-2025-13613
Analyzed
9.8
WordPress Multiple Products

The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin...

2025-12-11
CVE-2025-13603
8.8
WordPress is vulnerable

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2

2026-02-20
CVE-2025-13592
Analyzed
7.2
WordPress Multiple Products

The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2

2025-12-30
CVE-2025-13563
Analyzed
9.8
WordPress is vulnerable

The Lizza LMS Pro plugin for WordPress is vulnerable to privilege escalation, enabling unauthenticated attackers to register as administrators and tak...

2026-02-20
CVE-2025-13559
Analyzed
9.8
WordPress Multiple Products

The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pr...

2025-11-26
CVE-2025-13543
Analyzed
8.8
WordPress Multiple Products

The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class...

2025-12-05
CVE-2025-13542
Analyzed
9.8
WordPress Multiple Products

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms...

2025-12-04
CVE-2025-13540
Analyzed
9.8
WordPress Multiple Products

The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_m...

2025-11-28
CVE-2025-13538
Analyzed
9.8
WordPress Multiple Products

The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findal...

2025-11-28
CVE-2025-13536
Analyzed
8.8
WordPress Multiple Products

The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, an...

2025-11-28
CVE-2025-13526
Analyzed
7.5
WordPress Multiple Products

The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1

2025-11-23
CVE-2025-13516
Analyzed
8.1
WordPress Multiple Products

The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and includi...

2025-12-03
CVE-2025-13493
Analyzed
7.5
WordPress Multiple Products

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1

2026-01-08
CVE-2025-13486
Analyzed
9.8
WordPress Multiple Products

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_f...

2025-12-03
CVE-2025-13457
Analyzed
7.5
WordPress Multiple Products

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5

2026-01-10
CVE-2025-13417
Analyzed
8.6
WordPress Multiple Products

The Plugin Organizer WordPress plugin before 10

2025-12-30
CVE-2025-13390
Analyzed
10
WordPress Multiple Products

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implemen...

2025-12-03
CVE-2025-13387
Analyzed
7.2
WordPress Multiple Products

The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to,...

2025-12-03
CVE-2025-13384
Analyzed
7.5
WordPress Multiple Products

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1

2025-11-23
CVE-2025-13376
Analyzed
7.2
WordPress Multiple Products

The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including,...

2025-11-26
CVE-2025-13374
Analyzed
9.8
WordPress Multiple Products

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX ac...

2026-01-24
CVE-2025-13371
Analyzed
8.6
WordPress Multiple Products

The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2

2026-01-08
CVE-2025-13355
Analyzed
7.1
WordPress Multiple Products

The URL Shortify WordPress plugin before 1

2025-12-16
CVE-2025-13342
Analyzed
9.8
WordPress Multiple Products

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to,...

2025-12-03
CVE-2025-13339
Analyzed
7.5
WordPress Multiple Products

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1

2025-12-12
CVE-2025-13334
Analyzed
8.1
WordPress Multiple Products

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the...

2025-12-13
CVE-2025-13329
Analyzed
9.8
WordPress Multiple Products

The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback fun...

2025-12-20
CVE-2025-13322
Analyzed
8.1
WordPress Multiple Products

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and...

2025-11-22
CVE-2025-13313
Analyzed
9.8
WordPress Multiple Products

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is d...

2025-12-06
CVE-2025-13307
Analyzed
7.2
WordPress Multiple Products

The Ocean Modal Window WordPress plugin before 2

2025-12-20
CVE-2025-13206
Analyzed
7.2
WordPress Multiple Products

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in al...

2025-11-20
CVE-2025-13192
Analyzed
8.2
WordPress is vulnerable

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic S...

2026-02-05
CVE-2025-13159
Analyzed
7.1
WordPress Multiple Products

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions u...

2025-11-22
CVE-2025-13156
Analyzed
8.8
WordPress Multiple Products

The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in...

2025-11-22
CVE-2025-13138
Analyzed
7.5
WordPress Multiple Products

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'columns_search' parameter of the select_2_ajax() function in all ver...

2025-11-22
CVE-2025-13126
Analyzed
7.5
WordPress Multiple Products

The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the `post_args` and `topic_args` parameters in all versions up to, an...

2025-12-14
CVE-2025-13094
Analyzed
8.8
WordPress Multiple Products

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_fil...

2025-12-14
CVE-2025-13089
Analyzed
7.5
WordPress Multiple Products

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and the 'attr_search' parameter in all versions up to,...

2025-12-14
CVE-2025-13088
Analyzed
8.8
WordPress Multiple Products

The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-11-19
CVE-2025-13077
Analyzed
7.5
WordPress Multiple Products

The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'col...

2025-12-14
CVE-2025-13073
7.1
WordPress Multiple Products

The HandL UTM Grabber / Tracker WordPress plugin before 2

2025-12-12
CVE-2025-13072
7.1
WordPress Multiple Products

The HandL UTM Grabber / Tracker WordPress plugin before 2

2025-12-12
CVE-2025-13069
8.8
WordPress Multiple Products

The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1

2025-11-19
CVE-2025-13068
Analyzed
7.2
WordPress Multiple Products

The Telegram Bot & Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Telegram username in all versions up to, and incl...

2025-11-26
CVE-2025-13067
8.8
WordPress is vulnerable

The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1

2026-03-11
CVE-2025-13066
Analyzed
8.8
WordPress Multiple Products

The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2

2025-12-06
CVE-2025-13065
Analyzed
8.8
WordPress Multiple Products

The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4

2025-12-07
CVE-2025-13062
Analyzed
8.8
WordPress Multiple Products

The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2

2026-01-16
CVE-2025-13000
Analyzed
7.7
WordPress Multiple Products

The db-access WordPress plugin through 0

2025-12-03
CVE-2025-12981
Analyzed
9.8
WordPress is vulnerable

The Listee theme for WordPress allows unauthenticated registration as an Administrator due to a broken validation check in the listee-core plugin's re...

2026-02-27
CVE-2025-12980
Analyzed
7.5
WordPress Multiple Products

The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized access of data due to a m...

2025-12-21
CVE-2025-12974
8.1
WordPress Multiple Products

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechan...

2025-11-19
CVE-2025-12973
Analyzed
7.2
WordPress Multiple Products

The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing...

2025-11-22
CVE-2025-12968
Analyzed
8.8
WordPress Multiple Products

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all vers...

2025-12-13
CVE-2025-12966
Analyzed
8.8
WordPress Multiple Products

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resolve_import_di...

2025-12-07
CVE-2025-12963
Analyzed
9.8
WordPress Multiple Products

The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege escalation via ac...

2025-12-13
CVE-2025-12957
Analyzed
8.8
WordPress Multiple Products

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4

2026-01-16
CVE-2025-12955
Analyzed
7.5
WordPress Multiple Products

The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2

2025-11-19
CVE-2025-12934
Analyzed
8.1
WordPress Multiple Products

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capabi...

2025-12-24
CVE-2025-12904
Analyzed
7.2
WordPress Multiple Products

The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up...

2025-11-15
CVE-2025-12903
7.5
WordPress Multiple Products

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-b...

2025-11-14
CVE-2025-12886
7.2
WordPress is vulnerable

The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6

2026-03-29
CVE-2025-12882
Analyzed
9.8
WordPress is vulnerable

The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated users to register themselves with the 'admi...

2026-02-20
CVE-2025-12879
Analyzed
8.8
WordPress Multiple Products

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1

2025-12-06
CVE-2025-12851
Analyzed
8.1
WordPress Multiple Products

The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3

2025-12-06
CVE-2025-12850
Analyzed
7.5
WordPress Multiple Products

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3

2025-12-06
CVE-2025-12846
8.8
WordPress Multiple Products

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2

2025-11-13
CVE-2025-12845
8.8
WordPress is vulnerable

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data th...

2026-02-20
CVE-2025-12835
Analyzed
7.3
WordPress Multiple Products

The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated users, such as su...

2025-12-14
CVE-2025-12824
Analyzed
8.8
WordPress Multiple Products

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-12-13
CVE-2025-12821
8.8
WordPress is vulnerable

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0

2026-02-20
CVE-2025-12775
8.8
WordPress Multiple Products

The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1

2025-11-19
CVE-2025-12733
Analyzed
8.8
WordPress Multiple Products

The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to,...

2025-11-14
CVE-2025-12707
7.5
WordPress is vulnerable

The Library Management System plugin for WordPress is vulnerable to SQL Injection via the 'bid' parameter in all versions up to, and including, 3

2026-02-20
CVE-2025-12684
Analyzed
7.1
WordPress Multiple Products

The URL Shortify WordPress plugin before 1

2025-12-16
CVE-2025-12682
Analyzed
9.8
WordPress Multiple Products

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in t...

2025-11-04
CVE-2025-12646
Analyzed
7.5
WordPress Multiple Products

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1

2025-11-20
CVE-2025-12637
Analyzed
8.8
WordPress Multiple Products

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the process_theme fu...

2025-11-13
CVE-2025-12633
7.5
WordPress Multiple Products

The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabilit...

2025-11-14
CVE-2025-12629
Analyzed
7.1
WordPress Multiple Products

The Broken Link Manager WordPress plugin through 0

2025-11-25
CVE-2025-12529
Analyzed
8.8
WordPress Multiple Products

The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrders...

2025-12-03
CVE-2025-12528
8.1
WordPress Multiple Products

The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1

2025-11-19
CVE-2025-12497
Analyzed
8.1
WordPress Multiple Products

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2

2025-11-06
CVE-2025-12493
Analyzed
9.8
WordPress Multiple Products

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerab...

2025-11-04
CVE-2025-12484
Analyzed
7.2
WordPress Multiple Products

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to St...

2025-11-20
CVE-2025-12482
Analyzed
7.5
WordPress Multiple Products

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versio...

2025-11-17
CVE-2025-12411
Analyzed
7.1
WordPress Multiple Products

The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and incl...

2025-11-19
CVE-2025-12399
Analyzed
7.2
WordPress Multiple Products

The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in th...

2025-11-09
CVE-2025-12384
Analyzed
8.6
WordPress Multiple Products

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to unauthorized access/modification/loss of data i...

2025-11-06
CVE-2025-12374
Analyzed
9.8
WordPress Multiple Products

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerabl...

2025-12-06
CVE-2025-12352
Analyzed
9.8
WordPress Multiple Products

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function i...

2025-11-08
CVE-2025-12197
Analyzed
7.5
WordPress Multiple Products

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6

2025-11-06
CVE-2025-12181
Analyzed
8.8
WordPress Multiple Products

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function...

2025-12-06
CVE-2025-12171
Analyzed
8.8
WordPress Multiple Products

The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image()...

2025-11-01
CVE-2025-12166
Analyzed
7.5
WordPress Multiple Products

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `orde...

2026-01-16
CVE-2025-12161
Analyzed
8.8
WordPress Multiple Products

The Smart Auto Upload Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the auto-image creati...

2025-11-09
CVE-2025-12160
Analyzed
7.2
WordPress Multiple Products

The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpr_admin_msg' parameter in all versions up to...

2025-11-22
CVE-2025-12158
Analyzed
9.8
WordPress Multiple Products

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabiliti...

2025-11-04
CVE-2025-12154
Analyzed
8.8
WordPress Multiple Products

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in...

2025-12-06
CVE-2025-12153
Analyzed
8.8
WordPress Multiple Products

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions u...

2025-12-06
CVE-2025-12138
Analyzed
8.8
WordPress Multiple Products

The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, an...

2025-11-22
CVE-2025-12135
Analyzed
7.2
WordPress Multiple Products

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'css_code' parameter in all versions up to, and including, 1

2025-11-22
CVE-2025-12115
Analyzed
7.5
WordPress Multiple Products

The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2

2025-10-31
CVE-2025-12061
Analyzed
8.6
WordPress Multiple Products

The TAX SERVICE Electronic HDM WordPress plugin before 1

2025-11-27
CVE-2025-12057
Analyzed
9.8
WordPress Multiple Products

The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally,...

2025-11-21
CVE-2025-12028
Analyzed
8.8
WordPress Multiple Products

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4

2025-10-24
CVE-2025-11995
Analyzed
7.2
WordPress Multiple Products

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and includin...

2025-11-01
CVE-2025-11994
7.2
WordPress Multiple Products

The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and incl...

2025-11-14
CVE-2025-11985
Analyzed
8.8
WordPress Multiple Products

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capab...

2025-11-22
CVE-2025-11967
Analyzed
7.2
WordPress Multiple Products

The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import...

2025-11-09
CVE-2025-11924
Analyzed
7.5
WordPress Multiple Products

The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up t...

2025-12-17
CVE-2025-11923
Analyzed
8.8
WordPress Multiple Products

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation

2025-11-14
CVE-2025-11920
Analyzed
8.8
WordPress Multiple Products

The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-11-01
CVE-2025-11890
Analyzed
7.5
WordPress Multiple Products

The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1

2025-11-04
CVE-2025-11889
Analyzed
7.2
WordPress Multiple Products

The AIO Forms – Craft Complex Forms Easily plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imp...

2025-10-24
CVE-2025-11833
Analyzed
9.8
WordPress Multiple Products

The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data d...

2025-11-01
CVE-2025-11755
Analyzed
8.8
WordPress Multiple Products

The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file uploads when impo...

2025-11-01
CVE-2025-11754
7.5
WordPress is vulnerable

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings'...

2026-02-20
CVE-2025-11746
Analyzed
8.8
WordPress Multiple Products

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9

2025-10-15
CVE-2025-11735
Analyzed
7.5
WordPress Multiple Products

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all v...

2025-10-28
CVE-2025-11733
Analyzed
7.2
WordPress Multiple Products

The Footnotes Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3

2025-11-04
CVE-2025-11724
Analyzed
8.8
WordPress Multiple Products

The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including,...

2025-11-04
CVE-2025-11722
Analyzed
7.5
WordPress Multiple Products

The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including,...

2025-10-16
CVE-2025-11704
Analyzed
7.5
WordPress Multiple Products

The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-11-04
CVE-2025-11693
Analyzed
9.8
WordPress Multiple Products

The Export WP Page to Static HTML & PDF plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3...

2025-12-14
CVE-2025-11620
7.2
WordPress Multiple Products

The Multiple Roles per User plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mrpu_add...

2025-11-19
CVE-2025-11533
Analyzed
9.8
WordPress Multiple Products

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_regi...

2025-10-12
CVE-2025-11522
Analyzed
9.8
WordPress Multiple Products

The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and...

2025-10-09
CVE-2025-11521
Analyzed
8.1
WordPress Multiple Products

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remo...

2025-11-13
CVE-2025-11504
Analyzed
7.5
WordPress Multiple Products

The Quickcreator – AI Blog Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 0

2025-10-24
CVE-2025-11501
Analyzed
7.5
WordPress Multiple Products

The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to, and including,...

2025-10-16
CVE-2025-11499
Analyzed
9.8
WordPress Multiple Products

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to...

2025-11-01
CVE-2025-11456
Analyzed
9.8
WordPress Multiple Products

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validati...

2025-11-22
CVE-2025-11452
Analyzed
7.5
WordPress Multiple Products

The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to,...

2025-11-09
CVE-2025-11451
7.5
WordPress Multiple Products

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and incl...

2025-11-13
CVE-2025-11204
Analyzed
7.2
WordPress Multiple Products

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in a...

2025-10-08
CVE-2025-11177
Analyzed
7.5
WordPress Multiple Products

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1

2025-10-16
CVE-2025-11168
Analyzed
8.8
WordPress Multiple Products

The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2

2025-11-13
CVE-2025-11127
Analyzed
9.8
WordPress Multiple Products

The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users identify when using...

2025-11-22
CVE-2025-11087
Analyzed
8.8
WordPress Multiple Products

The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2

2025-11-22
CVE-2025-11086
Analyzed
8.1
WordPress Multiple Products

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up t...

2025-10-22
CVE-2025-11008
Analyzed
9.8
WordPress Multiple Products

The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This...

2025-11-04
CVE-2025-11007
Analyzed
9.8
WordPress Multiple Products

The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_...

2025-11-04
CVE-2025-10916
Analyzed
9.1
WordPress Multiple Products

The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible...

2025-10-21
CVE-2025-10915
Analyzed
9.8
WordPress Multiple Products

The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check.

2026-01-14
CVE-2025-10897
Analyzed
8.6
WordPress Multiple Products

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1

2025-10-31
CVE-2025-10896
Analyzed
8.8
WordPress Multiple Products

Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via...

2025-11-04
CVE-2025-10862
Analyzed
7.5
WordPress Multiple Products

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injec...

2025-10-09
CVE-2025-10861
Analyzed
7.5
WordPress Multiple Products

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Si...

2025-10-24
CVE-2025-10850
Analyzed
9.8
WordPress Multiple Products

The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcode...

2025-10-16
CVE-2025-10754
Analyzed
7.2
WordPress Multiple Products

The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload function...

2025-10-16
CVE-2025-10747
Analyzed
7.2
WordPress Multiple Products

The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download-add

2025-09-26
CVE-2025-10743
Analyzed
7.5
WordPress Multiple Products

The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1

2025-10-16
CVE-2025-10742
Analyzed
9.8
WordPress Multiple Products

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the p...

2025-10-16
CVE-2025-10738
Analyzed
9.8
WordPress Multiple Products

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and...

2025-12-14
CVE-2025-10726
Analyzed
9.1
WordPress Multiple Products

The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter in all versions up to, and including, 2.0. This is due...

2025-10-03
CVE-2025-10706
Analyzed
8.8
WordPress Multiple Products

The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_p...

2025-10-16
CVE-2025-10690
Analyzed
9.8
WordPress Multiple Products

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized arbitrary file uploads due to a missing capability chec...

2025-09-19
CVE-2025-10686
Analyzed
7.2
WordPress Multiple Products

The Creta Testimonial Showcase WordPress plugin before 1

2025-11-15
CVE-2025-10647
Analyzed
8.8
WordPress Multiple Products

The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_downloa...

2025-09-19
CVE-2025-10635
Analyzed
7.7
WordPress Multiple Products

The Find Me On WordPress plugin through 2

2025-10-08
CVE-2025-10587
Analyzed
9.8
WordPress Multiple Products

The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category parameter in all versions up to, and including, 1.5.1...

2025-10-08
CVE-2025-10586
Analyzed
9.8
WordPress Multiple Products

The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘event_venue’ parameter in all versions up to, and including, 1.5.1 d...

2025-10-09
CVE-2025-10582
Analyzed
8.8
WordPress Multiple Products

The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1

2025-10-03
CVE-2025-10496
Analyzed
7.2
WordPress Multiple Products

The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and includ...

2025-10-09
CVE-2025-10494
Analyzed
8.1
WordPress Multiple Products

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path v...

2025-10-08
CVE-2025-10487
Analyzed
7.3
WordPress Multiple Products

The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2

2025-11-01
CVE-2025-10412
Analyzed
9.8
WordPress Multiple Products

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads du...

2025-09-23
CVE-2025-10380
Analyzed
8.8
WordPress Multiple Products

The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to...

2025-09-23
CVE-2025-10313
Analyzed
7.2
WordPress Multiple Products

The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replac...

2025-10-16
CVE-2025-10299
Analyzed
8.8
WordPress Multiple Products

The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability chec...

2025-10-15
CVE-2025-10294
Analyzed
9.8
WordPress Multiple Products

The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.4. This is due to t...

2025-10-15
CVE-2025-10293
Analyzed
8.8
WordPress Multiple Products

The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to,...

2025-10-15
CVE-2025-10269
Analyzed
7.5
WordPress Multiple Products

The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1

2025-09-12
CVE-2025-10176
Analyzed
7.2
WordPress Multiple Products

The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in th...

2025-09-12
CVE-2025-10162
Analyzed
7.5
WordPress Multiple Products

The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloade...

2025-10-07
CVE-2025-10147
Analyzed
9.8
WordPress Multiple Products

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_origina...

2025-09-23
CVE-2025-10145
Analyzed
7.7
WordPress Multiple Products

The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,...

2025-10-28
CVE-2025-10143
Analyzed
7.5
WordPress Multiple Products

The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2

2025-09-17
CVE-2025-10134
Analyzed
9.1
WordPress Multiple Products

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in...

2025-09-09
CVE-2025-10058
Analyzed
8.1
WordPress Multiple Products

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path va...

2025-09-17
CVE-2025-10057
Analyzed
8.8
WordPress Multiple Products

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and includi...

2025-09-17
CVE-2025-10051
Analyzed
7.2
WordPress Multiple Products

The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and includ...

2025-10-16
CVE-2025-10041
Analyzed
9.8
WordPress Multiple Products

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesave_qr_code_to_db()...

2025-10-15
CVE-2025-10040
Analyzed
7.7
WordPress Multiple Products

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability...

2025-09-10
CVE-2024-6228
Analyzed
7.5
WordPress Notifications for Forms & WordPress Actions

The Notifications for Forms & WordPress Actions WordPress plugin before 2

2026-07-07
CVE-2024-58349
Analyzed
9.8
WordPress Theme Travelscape

WordPress Theme Travelscape 1.0.3 is susceptible to remote code execution due to insufficient validation of file uploads in the theme directory.

2026-06-08
CVE-2024-58348
Analyzed
9.8
WordPress Background Image Cropper

WordPress Background Image Cropper 1.2 allows unauthenticated attackers to execute arbitrary code via an insecure file upload endpoint.

2026-06-08
CVE-2024-14015
Analyzed
7.1
WordPress Multiple Products

The WordPress eCommerce Plugin WordPress plugin through 2

2025-11-25
CVE-2024-13807
Analyzed
7.5
WordPress Multiple Products

The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7

2025-08-28
CVE-2024-13507
Analyzed
7.5
WordPress Multiple Products

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via t...

2025-07-28
CVE-2024-13342
Analyzed
8.1
WordPress Multiple Products

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_orde...

2025-08-29
CVE-2024-12612
Analyzed
7.5
WordPress Multiple Products

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in a...

2025-08-17
CVE-2024-11976
Analyzed
7.3
WordPress Multiple Products

The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14

2026-01-24
CVE-2023-7337
7.5
WordPress is vulnerable

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus...

2026-03-05
CVE-2023-54359
8.2
WordPress adivaha Travel

WordPress adivaha Travel Plugin 2

2026-04-10
CVE-2023-54351
Analyzed
7.2
WordPress Sonaar Music Plugin

WordPress Sonaar Music Plugin 4

2026-06-08
CVE-2023-54346
7.5
WordPress Plugin Backup

WordPress Plugin Backup Migration 1

2026-05-06
CVE-2021-47979
Analyzed
8.8
WordPress Plugin Backup

WordPress Plugin Backup and Restore 1

2026-05-17
CVE-2021-47977
Analyzed
7.5
WordPress Plugin Anti

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4

2026-05-17
CVE-2021-47965
Analyzed
9.8
WordPress Plugin WP

The WP Super Edit plugin for WordPress contains an unrestricted file upload vulnerability in the FCKeditor component, enabling remote code execution.

2026-05-16
CVE-2021-47959
Analyzed
7.5
WordPress Plugin WPGraphQL

WordPress Plugin WPGraphQL 1

2026-05-17
CVE-2021-47941
Analyzed
8.2
WordPress cookie parameter

WordPress Plugin Survey & Poll 1

2026-05-10
CVE-2021-47933
Analyzed
9.8
WordPress MStore API

An arbitrary file upload vulnerability in the MStore API allows unauthenticated attackers to execute malicious code on the host server via the REST AP...

2026-05-10
CVE-2021-47932
Analyzed
9.8
WordPress TheCartPress

An unauthenticated privilege escalation vulnerability in TheCartPress WordPress plugin allows attackers to create new administrative accounts via the...

2026-05-10
CVE-2020-37255
Analyzed
7.5
WordPress Time Capsule Plugin

WordPress Time Capsule Plugin 1

2026-06-22
CVE-2020-36852
Analyzed
9.1
WordPress Multiple Products

The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1,...

2025-10-01
CVE-2019-25738
Analyzed
9.8
WordPress Hybrid Composer

WordPress Hybrid Composer 1.4.6 allows unauthenticated attackers to modify site options via the hc_ajax_save_option action, facilitating full account...

2026-06-05
CVE-2019-25296
Analyzed
9.8
WordPress Multiple Products

The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload...

2026-01-08
CVE-2018-25436
Analyzed
9.8
WordPress Baggage Freight Shipping Australia Plugin

The WordPress Baggage Freight Shipping Australia plugin contains an unrestricted file upload vulnerability allowing unauthenticated remote code execut...

2026-06-16
CVE-2018-25329
Analyzed
7.5
WordPress Plugin WP

WordPress Plugin WP with Spritz 1

2026-05-18
CVE-2016-20075
Analyzed
8.8
WordPress Ultimate Product Catalog

WordPress Ultimate Product Catalog 3

2026-06-16
CVE-2016-20073
Analyzed
8.2
WordPress Answer My Question

Answer My Question 1

2026-06-16
CVE-2016-20072
Analyzed
8.2
WordPress e-Franchise

BBS e-Franchise 1

2026-06-16
CVE-2016-20071
Analyzed
8.2
WordPress 404 Redirection Manager

The 404 Redirection Manager plugin version 1

2026-06-16
CVE-2016-20069
Analyzed
8.2
WordPress Booking Calendar

WordPress Booking Calendar Contact Form 1

2026-06-16
CVE-2016-20068
Analyzed
8.2
WordPress Booking Calendar

WordPress Booking Calendar Contact Form version 1

2026-06-16
CVE-2015-10139
Analyzed
8.8
WordPress Multiple Products

The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1

2025-07-21
CVE-2015-10137
Analyzed
9.8
WordPress Multiple Products

The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upl...

2025-07-24
CVE-2015-10136
Analyzed
7.5
WordPress Multiple Products

The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3

2025-07-21
CVE-2015-10134
Analyzed
7.5
WordPress Multiple Products

The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2

2025-07-21
CVE-2015-10133
Analyzed
7.2
WordPress Multiple Products

The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2

2025-07-21