CVE-2026-8095 - The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File

CVE-2026-8039 - The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'au

CVE-2026-2021 - The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-9815 - The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded t

CVE-2026-12137 - The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plu

CVE-2026-12136 - The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-12111 - The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposur

CVE-2026-12102 - The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for W

CVE-2026-12098 - The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site

CVE-2026-11395 - The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions

CVE-2026-9199 - The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for Wo

CVE-2026-12120 - The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to S

CVE-2026-12093 - The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up

CVE-2026-11784 - The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin f

CVE-2026-11777 - The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v

CVE-2026-11776 - The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v

CVE-2026-11402 - The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vul

CVE-2026-11360 - The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injectio

CVE-2026-11358 - The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin fo

CVE-2026-11357 - The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to

CVE-2026-10736 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic S

CVE-2026-10623 - The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is v

CVE-2026-12407 - The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorizatio

CVE-2026-10023 - The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Et

CVE-2025-69130 - Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.

CVE-2025-69115 - Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2

CVE-2026-9570 - The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before ech

CVE-2026-8607 - The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred p

CVE-2026-8494 - The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pos

CVE-2026-8383 - The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST en

CVE-2026-8089 - The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommer

CVE-2026-7850 - The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URL

CVE-2026-25470 - Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom

CVE-2026-22343 - Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.

CVE-2026-22342 - Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.

CVE-2026-12360 - The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and includin

CVE-2026-12115 - The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vul

CVE-2025-69135 - Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.

CVE-2025-69131 - Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from

CVE-2025-69129 - Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from An

CVE-2025-60223 - Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.

CVE-2025-49403 - Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3

CVE-2026-8442 - The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions u

CVE-2026-52715 - Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.

CVE-2026-2381 - The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modificati

CVE-2026-8444 - The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]'

CVE-2026-10093 - The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Store

CVE-2026-9187 - The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post delet

CVE-2026-6933 - The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing auth

CVE-2026-5149 - The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and

CVE-2026-10780 - The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versi

CVE-2026-6964 - The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all v

CVE-2026-49776 - Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatica

CVE-2026-48964 - Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

CVE-2026-40773 - Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.

CVE-2026-39468 - Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versio

CVE-2019-25746 - WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows au

CVE-2018-25437 - WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows

CVE-2018-25436 - WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulne

CVE-2016-20084 - WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities

CVE-2016-20083 - WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows att

CVE-2016-20082 - WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated at

CVE-2016-20081 - WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows una

CVE-2016-20080 - WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability i

CVE-2016-20079 - WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allow

CVE-2016-20078 - WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauth

CVE-2016-20077 - WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauth

CVE-2016-20076 - WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attacker

CVE-2016-20075 - WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows

CVE-2016-20074 - WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that al

CVE-2016-20073 - Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unau

CVE-2016-20072 - BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unaut

CVE-2016-20071 - The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injecti

CVE-2016-20070 - WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site s

CVE-2016-20069 - WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulne

CVE-2016-20068 - WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injecti

CVE-2016-20067 - WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers t

CVE-2016-20066 - WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attack

CVE-2026-9278 - The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration v

CVE-2026-8935 - The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given

CVE-2026-8386 - The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its

CVE-2026-8385 - The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter

CVE-2025-15546 - The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when t

CVE-2026-5513 - The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to

CVE-2026-1291 - The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a mi

CVE-2026-9629 - The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter

CVE-2026-3297 - The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St

CVE-2026-2470 - The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to In

CVE-2026-9134 - The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_att

CVE-2026-9109 - The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin

CVE-2026-9062 - The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a f

CVE-2026-9061 - The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata bef

CVE-2026-9848 - The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query par

CVE-2026-12089 - The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbi

CVE-2026-9269 - The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not saniti

CVE-2026-47365 - Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows

CVE-2026-9125 - The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_ur

CVE-2026-46698 - Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds

CVE-2026-46697 - Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds

CVE-2026-10795 - The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication B

CVE-2026-2827 - The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum

CVE-2026-3018 - The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscrib

CVE-2025-6254 - The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,

CVE-2026-9019 - The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[p

CVE-2026-8853 - The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' para

CVE-2026-8613 - The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting v

CVE-2026-9067 - The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilit

CVE-2026-9060 - The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings bef

CVE-2026-8071 - The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize

CVE-2026-3326 - The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before usi

CVE-2025-8444 - The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for Wo

CVE-2017-20251 - WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that al

CVE-2017-20247 - WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthen

CVE-2017-20246 - KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenti

CVE-2017-20245 - Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthent

CVE-2017-20244 - Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthent

CVE-2017-20243 - WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerab

CVE-2016-20065 - Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unaut

CVE-2016-20062 - Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthent

CVE-2026-4058 - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrat

CVE-2026-8677 - The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is

CVE-2026-8599 - The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for Word

CVE-2026-8365 - The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Executi

CVE-2026-11616 - The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in v

CVE-2026-8981 - The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_h

CVE-2026-4986 - The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal we

CVE-2026-9662 - The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all v

CVE-2026-9185 - The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Control

CVE-2026-8977 - The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-8940 - The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-8910 - The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-8909 - The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

CVE-2026-8907 - The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up

CVE-2026-8904 - The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin

CVE-2026-8902 - The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver

CVE-2026-8895 - The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's

CVE-2026-8883 - The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2026-8882 - The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-8880 - The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'b

CVE-2026-8841 - The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-8499 - The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP

CVE-2026-7662 - The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '

CVE-2026-11603 - The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site S

CVE-2026-10738 - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Foo

CVE-2026-10553 - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v

CVE-2026-10024 - The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'b

CVE-2026-7556 - The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-5714 - The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘

CVE-2026-10862 - The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion b

CVE-2026-3011 - The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2024-58349 - WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauth

CVE-2024-58348 - WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that a

CVE-2023-54352 - WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attack

CVE-2023-54351 - WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows u

CVE-2023-54350 - WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder co

CVE-2022-50953 - WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows un

CVE-2021-47984 - WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that a

CVE-2021-47983 - WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that al

CVE-2021-47982 - WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows

CVE-2026-9851 - The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover

CVE-2026-9829 - The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to tim

CVE-2026-9016 - The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable t

CVE-2026-8839 - The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through U

CVE-2026-8611 - The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Refere

CVE-2026-9280 - The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Sit

CVE-2026-9197 - The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to,

CVE-2026-8991 - The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stor

CVE-2026-8978 - The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable

CVE-2026-8502 - The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vul

CVE-2026-7796 - The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more pl

CVE-2026-7795 - The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-7792 - The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin

CVE-2026-7665 - The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is v

CVE-2026-7566 - The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection

CVE-2026-7565 - The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read v

CVE-2026-7537 - The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all version

CVE-2026-2500 - The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and

CVE-2026-9281 - The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits

CVE-2026-9008 - The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and

CVE-2026-8901 - The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin f

CVE-2026-8438 - The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored

CVE-2026-9719 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab

CVE-2026-9290 - The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local

CVE-2026-8976 - The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu

CVE-2026-8900 - The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Short

CVE-2026-8893 - The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-8608 - The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to

CVE-2026-7047 - The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers

CVE-2026-6448 - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to

CVE-2026-10038 - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin

CVE-2025-12656 - The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to ar

CVE-2026-7654 - The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code

CVE-2026-7523 - The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and

CVE-2026-10580 - The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass le

CVE-2026-10586 - The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress i

CVE-2019-25744 - WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows au

CVE-2019-25743 - WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows

CVE-2019-25742 - WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability tha

CVE-2019-25738 - WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allow

CVE-2019-25727 - WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows

CVE-2026-8653 - The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'co

CVE-2026-10737 - The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a

CVE-2026-9732 - The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross

CVE-2026-7421 - The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versi

CVE-2026-5076 - The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in a

CVE-2026-5074 - The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parame

CVE-2026-5073 - The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter o

CVE-2026-1829 - The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution

CVE-2026-5191 - The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site s

CVE-2026-9730 - The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery i

CVE-2026-9722 - The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t

CVE-2026-9599 - The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u

CVE-2026-9234 - The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in ver

CVE-2026-8885 - The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-8422 - The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery

CVE-2026-4081 - The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] short

CVE-2026-4080 - The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart

CVE-2026-4071 - The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,

CVE-2026-3620 - The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replace

CVE-2026-2425 - The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via

CVE-2026-2382 - The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2026-1451 - The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' paramet

CVE-2026-1450 - The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' para

CVE-2025-5085 - The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_l

CVE-2026-8293 - The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor chal

CVE-2026-8206 - The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t

CVE-2026-3722 - The Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)

CVE-2026-10100 - The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t

CVE-2026-9050 - The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable t

CVE-2026-9048 - The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versio

CVE-2018-25434 - WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to

CVE-2026-8382 - The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all

CVE-2026-9757 - The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng'

CVE-2026-7465 - The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerab

CVE-2026-7459 - The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to a

CVE-2026-4290 - The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-

CVE-2025-12714 - The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unau

CVE-2026-9189 - The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via

CVE-2026-6075 - The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers

CVE-2026-10039 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the

CVE-2026-9243 - The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-3655 - The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authenticati

CVE-2025-11262 - The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user

CVE-2026-9714 - The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-8732 - The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account

CVE-2026-6275 - The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2025-14042 - The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-S

CVE-2025-11993 - The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object

CVE-2026-2128 - The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorize

CVE-2026-8995 - The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Se