CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-9676 - The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce veri
CVE-2026-10083 - The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before renderi
CVE-2026-8095 - The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File
CVE-2026-9242 - The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin
CVE-2026-9233 - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to
CVE-2026-3462 - The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missi
CVE-2026-13295 - The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-12471 - The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check
CVE-2026-12432 - The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up t
CVE-2026-12399 - The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to
CVE-2026-11987 - The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Et
CVE-2026-11783 - The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Et
CVE-2026-11773 - The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to
CVE-2026-11597 - The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
CVE-2026-11364 - The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modifi
CVE-2026-9677 - The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape th
CVE-2026-13245 - The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting
CVE-2026-12404 - The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorizat
CVE-2026-10820 - The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C
CVE-2026-12415 - The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing ca
CVE-2026-13422 - The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.
CVE-2026-13333 - The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to ge
CVE-2026-13331 - The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to ge
CVE-2026-11356 - The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site S
CVE-2026-56011 - Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
CVE-2025-68063 - Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Ho
CVE-2026-1869 - The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, Us
CVE-2026-8380 - The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of
CVE-2026-10835 - The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a para
CVE-2026-10823 - The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST
CVE-2025-10268 - The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulner
CVE-2026-13226 - The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to ge
CVE-2026-12937 - The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for Word
CVE-2026-9702 - The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the leg
CVE-2026-5305 - The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin bef
CVE-2026-10824 - The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-p
CVE-2026-2508 - The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘st
CVE-2026-12079 - The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ param
CVE-2026-12077 - The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude'
CVE-2026-10833 - The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress i
CVE-2026-12242 - The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injection in all versions
CVE-2026-7761 - The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link D
CVE-2026-9724 - The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to
CVE-2026-9721 - The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in a
CVE-2026-9710 - The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-p
CVE-2026-9709 - The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST
CVE-2026-9643 - The WP Meta SEO plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting vi
CVE-2026-9620 - The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted im
CVE-2026-9619 - The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in al
CVE-2026-9616 - The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions
CVE-2026-9612 - The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive In
CVE-2026-9184 - The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of d
CVE-2026-9183 - The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Informat
CVE-2026-9179 - The WP Forms Connector plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter
CVE-2026-9178 - The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up
CVE-2026-9175 - The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to
CVE-2026-9172 - The Devs Accounting – Simple Accounting and Invoicing Solution plugin for WordPress is vulnerable to
CVE-2026-8905 - The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all
CVE-2026-8896 - The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-8865 - The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2026-8705 - The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the `pagseguro[metodo]`
CVE-2026-8690 - The RentMy Real-Time Rental Management Plugin plugin for WordPress is vulnerable to authorization by
CVE-2026-8688 - The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versi
CVE-2026-8628 - The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF
CVE-2026-8622 - The Image Sizes on Demand plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via P
CVE-2026-8617 - The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data
CVE-2026-8614 - The Assistio plugin for WordPress is vulnerable to unauthorized modification of data due to a missin
CVE-2026-7617 - The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, a
CVE-2026-6292 - The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2026-4297 - The Welcome Software Publishing plugin for WordPress is vulnerable to Arbitrary Options Update in al
CVE-2026-12417 - The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Re
CVE-2026-12416 - The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in a
CVE-2026-12100 - The URL Preview plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up
CVE-2026-12095 - The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up
CVE-2026-12094 - The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion
CVE-2026-11997 - The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up t
CVE-2026-10749 - The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during po
CVE-2026-10735 - Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress pl
CVE-2026-10552 - The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to
CVE-2026-10531 - The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shor
CVE-2026-10092 - The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
CVE-2026-10091 - The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-3652 - The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parame
CVE-2026-11614 - The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2026-4610 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored
CVE-2026-8379 - The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly enforce its nonce c
CVE-2026-8378 - The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filena
CVE-2026-8172 - The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input
CVE-2026-8163 - The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some param
CVE-2026-7842 - The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize
CVE-2026-8157 - The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned
CVE-2026-7859 - The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on on
CVE-2026-6858 - The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displaye
CVE-2026-4259 - The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a p
CVE-2026-4110 - The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a p
CVE-2026-10530 - The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when gene
CVE-2020-37255 - WordPress Time Capsule Plugin 1.21.16 contains an authentication bypass vulnerability that allows un
CVE-2026-12119 - The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a mis
CVE-2026-11912 - The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insuff
CVE-2026-11911 - The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficie
CVE-2026-9843 - The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbi
CVE-2026-11551 - The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all ve
CVE-2026-12238 - The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass
CVE-2026-6798 - The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized a
CVE-2026-3640 - The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all
CVE-2026-9822 - The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of
CVE-2026-9013 - The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,
CVE-2026-8713 - The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insu
CVE-2026-8118 - The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vuln
CVE-2026-7547 - The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read vi
CVE-2026-7515 - The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and
CVE-2026-4328 - The Advanced Import plugin for WordPress is vulnerable to Server-Side Request Forgery in all version
CVE-2026-1856 - The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
CVE-2026-12430 - The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin se
CVE-2026-12157 - The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Block Editor plugin for WordPres
CVE-2026-10779 - The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to M
CVE-2026-10034 - The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions
CVE-2026-11775 - The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve
CVE-2026-8039 - The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'au
CVE-2026-2021 - The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-9815 - The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded t
CVE-2026-12137 - The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plu
CVE-2026-12136 - The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2026-12111 - The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposur
CVE-2026-12102 - The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for W
CVE-2026-12098 - The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2026-11395 - The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions
CVE-2026-9199 - The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for Wo
CVE-2026-12120 - The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to S
CVE-2026-12093 - The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up
CVE-2026-11784 - The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin f
CVE-2026-11777 - The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v
CVE-2026-11776 - The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v
CVE-2026-11402 - The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vul
CVE-2026-11360 - The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injectio
CVE-2026-11358 - The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin fo
CVE-2026-11357 - The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to
CVE-2026-10736 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to generic S
CVE-2026-10623 - The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is v
CVE-2026-12407 - The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorizatio
CVE-2026-10023 - The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Et
CVE-2025-69130 - Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.
CVE-2025-69115 - Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2
CVE-2026-9570 - The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before ech
CVE-2026-8607 - The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred p
CVE-2026-8494 - The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pos
CVE-2026-8383 - The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST en
CVE-2026-8089 - The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommer
CVE-2026-7850 - The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URL
CVE-2026-25470 - Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom
CVE-2026-22343 - Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-22342 - Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-12360 - The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and includin
CVE-2026-12115 - The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vul
CVE-2025-69135 - Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
CVE-2025-69131 - Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from
CVE-2025-69129 - Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from An
CVE-2025-60223 - Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
CVE-2025-49403 - Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3
CVE-2026-8442 - The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions u
CVE-2026-52715 - Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
CVE-2026-2381 - The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modificati
CVE-2026-8444 - The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]'
CVE-2026-10093 - The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Store
CVE-2026-9187 - The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post delet
CVE-2026-6933 - The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing auth
CVE-2026-5149 - The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and
CVE-2026-10780 - The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versi
CVE-2026-6964 - The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all v
CVE-2026-49776 - Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatica
CVE-2026-48964 - Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
CVE-2026-40773 - Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.
CVE-2026-39468 - Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versio
CVE-2019-25746 - WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows au
CVE-2018-25437 - WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows
CVE-2018-25436 - WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulne
CVE-2016-20084 - WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities
CVE-2016-20083 - WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows att
CVE-2016-20082 - WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated at
CVE-2016-20081 - WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows una
CVE-2016-20080 - WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability i
CVE-2016-20079 - WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allow
CVE-2016-20078 - WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauth
CVE-2016-20077 - WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauth
CVE-2016-20076 - WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attacker
CVE-2016-20075 - WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows
CVE-2016-20074 - WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that al
CVE-2016-20073 - Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unau
CVE-2016-20072 - BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unaut
CVE-2016-20071 - The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injecti
CVE-2016-20070 - WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site s
CVE-2016-20069 - WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulne
CVE-2016-20068 - WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injecti
CVE-2016-20067 - WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers t
CVE-2016-20066 - WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attack
CVE-2026-9278 - The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration v
CVE-2026-8935 - The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given
CVE-2026-8386 - The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its
CVE-2026-8385 - The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter
CVE-2025-15546 - The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when t
CVE-2026-5513 - The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to
CVE-2026-1291 - The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a mi
CVE-2026-9629 - The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter
CVE-2026-3297 - The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to St
CVE-2026-2470 - The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to In
CVE-2026-9134 - The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_att
CVE-2026-9109 - The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin
CVE-2026-9062 - The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a f
CVE-2026-9061 - The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata bef
CVE-2026-9848 - The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query par
CVE-2026-12089 - The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbi
CVE-2026-9269 - The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not saniti
CVE-2026-47365 - Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows
CVE-2026-9125 - The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_ur
CVE-2026-46698 - Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds
CVE-2026-46697 - Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds
CVE-2026-10795 - The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication B
CVE-2026-2827 - The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum
CVE-2026-3018 - The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscrib
CVE-2025-6254 - The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to,
CVE-2026-9019 - The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[p
CVE-2026-8853 - The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' para
CVE-2026-8613 - The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting v
CVE-2026-9067 - The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilit
CVE-2026-9060 - The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings bef
CVE-2026-8071 - The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize
CVE-2026-3326 - The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before usi
CVE-2025-8444 - The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for Wo
CVE-2017-20251 - WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that al
CVE-2017-20247 - WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthen
CVE-2017-20246 - KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenti
CVE-2017-20245 - Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthent
CVE-2017-20244 - Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthent
CVE-2017-20243 - WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerab
CVE-2016-20065 - Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unaut
CVE-2016-20062 - Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthent
CVE-2026-4058 - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrat
CVE-2026-8677 - The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is
CVE-2026-8599 - The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for Word
CVE-2026-8365 - The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Executi
CVE-2026-11616 - The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in v
CVE-2026-8981 - The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_h
CVE-2026-4986 - The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal we
CVE-2026-9662 - The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all v
CVE-2026-9185 - The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Control
CVE-2026-8977 - The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
CVE-2026-8940 - The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi
CVE-2026-8910 - The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi
CVE-2026-8909 - The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a
CVE-2026-8907 - The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up