CVE-2026-6514 - The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,

CVE-2026-6512 - The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to,

CVE-2026-6504 - The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-6206 - The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and

CVE-2026-6174 - The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more'

CVE-2026-6145 - The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in al

CVE-2026-6670 - The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and inclu

CVE-2026-6510 - The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorizat

CVE-2026-6506 - The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to,

CVE-2026-6271 - The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to

CVE-2026-6252 - The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagN

CVE-2026-6225 - The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress i

CVE-2026-5395 - The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo

CVE-2026-5365 - The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to

CVE-2026-5193 - The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is v

CVE-2026-3892 - The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbit

CVE-2026-3718 - The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-K

CVE-2026-3694 - The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tex

CVE-2026-6417 - The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scriptin

CVE-2026-5396 - The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled

CVE-2026-5243 - The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCom

CVE-2026-3829 - The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugi

CVE-2025-15345 - The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripti

CVE-2026-7648 - The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vul

CVE-2026-7525 - The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypas

CVE-2026-5361 - The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RE

CVE-2026-5486 - The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'da

CVE-2020-37169 - WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows aut

CVE-2026-4609 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauth

CVE-2026-4608 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind

CVE-2026-4607 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to author

CVE-2026-6177 - The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versio

CVE-2026-3426 - The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of d

CVE-2026-3425 - The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all ve

CVE-2026-4798 - The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘product_or

CVE-2026-4782 - The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, a

CVE-2026-2515 - The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to

CVE-2026-3004 - The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘da

CVE-2025-14767 - The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-6965 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure

CVE-2026-6929 - The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerabl

CVE-2025-14033 - The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access

CVE-2026-7635 - The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object In

CVE-2026-7619 - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin

CVE-2026-7051 - The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Au

CVE-2026-6962 - The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerab

CVE-2026-6828 - The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo

CVE-2025-9989 - The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings

CVE-2025-9988 - The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capabilit

CVE-2025-9987 - The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions

CVE-2025-14755 - The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation

CVE-2026-1250 - The Court Reservation – Manage Your Court Bookings Online plugin for WordPress is vulnerable to gene

CVE-2025-15463 - The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode e

CVE-2026-6813 - The Continually plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings

CVE-2026-6800 - The FastBots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in

CVE-2026-1934 - The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypa

CVE-2026-7661 - The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `b

CVE-2026-7659 - The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi

CVE-2026-7626 - The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to Information Exposure in versi

CVE-2026-7616 - The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up

CVE-2026-7562 - The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions

CVE-2026-7561 - The Tm – WordPress Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in a

CVE-2026-7437 - The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `editpos_h

CVE-2026-7050 - The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and i

CVE-2026-6932 - The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in

CVE-2026-6913 - The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_ar

CVE-2026-6808 - The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t

CVE-2026-6710 - The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve

CVE-2026-6709 - The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization

CVE-2026-6708 - The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing

CVE-2026-6690 - The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' paramete

CVE-2026-6663 - The GWD Connect plugin for WordPress is vulnerable to missing authorization to limited code executio

CVE-2026-6256 - The Credits Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lin

CVE-2026-6247 - The scratchblocks for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '

CVE-2026-6237 - The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' at

CVE-2026-5715 - The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' at

CVE-2026-5693 - The Smart Appointment & Booking plugin for WordPress is vulnerable to unauthorized modification of d

CVE-2026-5340 - The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugi

CVE-2026-5028 - The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injecti

CVE-2026-4920 - The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' sh

CVE-2026-4859 - The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'desi

CVE-2026-4663 - The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up

CVE-2026-4301 - The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to

CVE-2026-3604 - The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-2993 - The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in

CVE-2026-2300 - The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_i

CVE-2026-6433 - The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before us

CVE-2022-50970 - WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authe

CVE-2022-50961 - WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored cross-site scripting vulnerabi

CVE-2022-50960 - WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-si

CVE-2022-50959 - WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that al

CVE-2022-50958 - WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows una

CVE-2022-50956 - WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows u

CVE-2022-50955 - WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attac

CVE-2022-50954 - WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows

CVE-2022-50949 - WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that all

CVE-2022-50947 - WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulner

CVE-2022-50946 - WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability t

CVE-2022-50945 - WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability

CVE-2021-47951 - WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows aut

CVE-2021-47948 - WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated at

CVE-2021-47941 - WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthent

CVE-2021-47940 - WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vuln

CVE-2021-47933 - WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticat

CVE-2021-47932 - WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that a

CVE-2021-47927 - WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that

CVE-2026-8198 - The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPres

CVE-2026-7652 - The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mech

CVE-2026-7650 - The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2026-7475 - The Sky Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sky-custom

CVE-2026-5341 - The NMR Strava activities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-7330 - The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versio

CVE-2026-5127 - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrat

CVE-2026-4935 - The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitiz

CVE-2026-7252 - The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

CVE-2026-6692 - The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0

CVE-2026-4348 - The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_d

CVE-2026-6214 - The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to a

CVE-2026-4807 - The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in vers

CVE-2026-6222 - The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to a

CVE-2026-1719 - The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up

CVE-2026-7457 - The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up t

CVE-2026-7332 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab

CVE-2026-6672 - The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-

CVE-2026-6344 - The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and inc

CVE-2026-2306 - The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized databa

CVE-2026-5753 - The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Author

CVE-2026-3208 - The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access

CVE-2026-4304 - The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parame

CVE-2026-6262 - The Betheme theme for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and incl

CVE-2026-6261 - The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and includ

CVE-2023-54346 - WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows

CVE-2026-3601 - The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification o

CVE-2026-3359 - The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is v

CVE-2026-5192 - The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vuln

CVE-2026-3454 - The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object Reference in all ver

CVE-2026-2729 - The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and

CVE-2026-4362 - The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of

CVE-2026-5957 - The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and inc

CVE-2026-5294 - The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and inc

CVE-2026-5159 - The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-4803 - The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-4665 - The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted f

CVE-2026-3456 - The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress

CVE-2026-2948 - The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable

CVE-2026-6704 - The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page

CVE-2026-6702 - The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versio

CVE-2026-6701 - The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up

CVE-2026-6700 - The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t

CVE-2026-6696 - The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t

CVE-2026-6255 - The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-5505 - The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `cl

CVE-2026-5247 - The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cros

CVE-2026-5100 - The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter

CVE-2026-4730 - The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for Wo

CVE-2026-4409 - The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification o

CVE-2026-2868 - The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable

CVE-2026-1921 - The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and i

CVE-2025-13618 - The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and

CVE-2026-5722 - The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up t

CVE-2026-25863 - Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolle

CVE-2026-41471 - Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contain an information disclosu

CVE-2026-32834 - Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentica

CVE-2026-5335 - The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly acce

CVE-2026-5337 - During the analysis, it was identified that authenticated attackers with Subscriber-level access or

CVE-2026-5063 - The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cro

CVE-2026-3504 - The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerabl

CVE-2026-2554 - The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plu

CVE-2026-0703 - The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cros

CVE-2026-6817 - The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rat

CVE-2026-6320 - The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in

CVE-2026-4790 - The Premium Addons for Elementor – Powerful Elementor Templates & Widgets plugin for WordPress is vu

CVE-2026-4100 - The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disrupt

CVE-2026-4062 - The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' a

CVE-2026-4061 - The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type

CVE-2026-4060 - The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' paramet

CVE-2026-5077 - The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versio

CVE-2026-5324 - The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scr

CVE-2026-4024 - The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of da

CVE-2026-7649 - The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plu

CVE-2026-6457 - The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mas

CVE-2026-6449 - The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Impr

CVE-2026-4650 - The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in ver

CVE-2026-2052 - The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin f

CVE-2026-7647 - The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions u

CVE-2026-7049 - The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-

CVE-2026-6916 - The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin

CVE-2026-6812 - The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and

CVE-2026-6447 - The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-5113 - The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent fiel

CVE-2026-5112 - The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting

CVE-2026-5111 - The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up t

CVE-2026-5110 - The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting

CVE-2026-5109 - The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up t

CVE-2026-7641 - The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation

CVE-2026-7458 - The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in

CVE-2026-6963 - The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capab

CVE-2026-6446 - The My Social Feeds – Social Feeds Embedder plugin for WordPress is vulnerable to Sensitive Informat

CVE-2026-4882 - The User Registration Advanced Fields plugin for WordPress is vulnerable to arbitrary file uploads d

CVE-2026-4658 - The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is v

CVE-2025-14726 - The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data

CVE-2026-7638 - The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable

CVE-2026-7209 - The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-6378 - The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/

CVE-2026-3143 - The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress i

CVE-2026-3772 - The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to

CVE-2026-3140 - The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-7567 - The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to an

CVE-2026-6127 - The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2024-13362 - Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via th

CVE-2026-2892 - The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions

CVE-2026-6498 - The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP

CVE-2026-2902 - The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2026-4019 - The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data acc

CVE-2026-4911 - The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and

CVE-2026-4805 - The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, an

CVE-2026-5306 - The Check & Log Email WordPress plugin before 2.0.13 does not properly handle email replacement, wh

CVE-2026-6809 - The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Thre

CVE-2026-6725 - The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2026-6551 - The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-6741 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab

CVE-2026-7106 - The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation

CVE-2026-4078 - The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes

CVE-2026-3569 - The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions u

CVE-2026-3565 - The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

CVE-2025-11762 - The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Se

CVE-2026-6810 - The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Refer

CVE-2026-5428 - The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ima

CVE-2026-5364 - The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary fil

CVE-2026-5347 - The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to a

CVE-2026-6393 - The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and inc

CVE-2026-2028 - The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to in

CVE-2026-4512 - The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key se

CVE-2026-4106 - The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX act

CVE-2026-3361 - The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl

CVE-2026-3844 - The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file ty

CVE-2026-2951 - The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerab

CVE-2026-1923 - The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Sc

CVE-2026-1930 - The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi

CVE-2026-1913 - The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t

CVE-2026-1395 - The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider

CVE-2026-6396 - The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in ver

CVE-2026-6246 - The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-6236 - The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short

CVE-2026-6235 - The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma

CVE-2026-6041 - The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom

CVE-2026-5820 - The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o

CVE-2026-5767 - The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin

CVE-2026-5748 - The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's

CVE-2026-4353 - The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id'