Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9018 |
|
Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
|
| CVE-2026-9104 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9104)
cross-site scripting in wordpress (CVE-2026-9104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4070 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-4070)
vulnerability in wordpress (CVE-2026-4070). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6864 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6864)
cross-site scripting in wordpress (CVE-2026-6864). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7249 |
|
Vulnerability in wordpress (CVE-2026-7249)
vulnerability in wordpress (CVE-2026-7249). Risk of unauthorized operations or information disclosure. Exploitable via ``init``.
|
| CVE-2026-7509 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7509)
cross-site scripting in wordpress (CVE-2026-7509). Risk of unauthorized operations or information disclosure. Exploitable via ``before``.
|
| CVE-2026-3481 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2518 |
|
Vulnerability in wordpress (CVE-2026-2518)
vulnerability in wordpress (CVE-2026-2518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4834 |
|
SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
|
| CVE-2026-6960 |
|
Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4093 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4929 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4843 |
|
Vulnerability in wordpress (CVE-2026-4843)
vulnerability in wordpress (CVE-2026-4843). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5118 |
|
Privilege Escalation in wordpress (CVE-2026-5118)
vulnerability in wordpress (CVE-2026-5118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6279 |
|
Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
|
| CVE-2026-1543 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-1543)
cross-site scripting in wordpress (CVE-2026-1543). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4811 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4811)
cross-site scripting in wordpress (CVE-2026-4811). Confidential information can be exposed externally.
|
| CVE-2026-1881 |
|
Vulnerability in wordpress (CVE-2026-1881)
vulnerability in wordpress (CVE-2026-1881). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9082 KEV |
|
[KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
|
| CVE-2026-7613 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7613)
cross-site scripting in wordpress (CVE-2026-7613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6728 |
|
Information Disclosure in wordpress (CVE-2026-6728)
vulnerability in wordpress (CVE-2026-6728). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9065 |
|
SQL Injection in wordpress (CVE-2026-9065)
SQL injection in wordpress (CVE-2026-9065). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6405 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5200 |
|
Vulnerability in wordpress (CVE-2026-5200)
vulnerability in wordpress (CVE-2026-5200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6566 |
|
Vulnerability in wordpress (CVE-2026-6566)
vulnerability in wordpress (CVE-2026-6566). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /imagely/v1/images/{id}`.
|
| CVE-2026-7385 |
|
Vulnerability in wordpress (CVE-2026-7385)
vulnerability in wordpress (CVE-2026-7385). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5776 |
|
Vulnerability in wordpress (CVE-2026-5776)
vulnerability in wordpress (CVE-2026-5776). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2955 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2955)
cross-site scripting in wordpress (CVE-2026-2955). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5075 |
|
Information Disclosure in wordpress (CVE-2026-5075)
vulnerability in wordpress (CVE-2026-5075). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7522 |
|
Vulnerability in wordpress (CVE-2026-7522)
vulnerability in wordpress (CVE-2026-7522). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9010 |
|
SQL Injection in wordpress (CVE-2026-9010)
SQL injection in wordpress (CVE-2026-9010). Confidential information can be exposed externally.
|
| CVE-2026-7637 |
|
Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15369 |
|
Vulnerability in wordpress (CVE-2025-15369)
vulnerability in wordpress (CVE-2025-15369). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8685 |
|
SQL Injection in wordpress (CVE-2026-8685)
SQL injection in wordpress (CVE-2026-8685). Confidential information can be exposed externally.
|
| CVE-2026-8420 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8420)
vulnerability in wordpress (CVE-2026-8420). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8423 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8423)
vulnerability in wordpress (CVE-2026-8423). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8424 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8424)
vulnerability in wordpress (CVE-2026-8424). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8610 |
|
Vulnerability in wordpress (CVE-2026-8610)
vulnerability in wordpress (CVE-2026-8610). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8624 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8624)
cross-site scripting in wordpress (CVE-2026-8624). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8626 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8626)
cross-site scripting in wordpress (CVE-2026-8626). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8627 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8627)
cross-site scripting in wordpress (CVE-2026-8627). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7284 |
|
Privilege Escalation in wordpress (CVE-2026-7284)
vulnerability in wordpress (CVE-2026-7284). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7462 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7462)
cross-site scripting in wordpress (CVE-2026-7462). Risk of unauthorized operations or information disclosure. Exploitable via ``page``.
|
| CVE-2026-7467 |
|
Privilege Escalation in wordpress (CVE-2026-7467)
vulnerability in wordpress (CVE-2026-7467). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7472 |
|
SQL Injection in wordpress (CVE-2026-7472)
SQL injection in wordpress (CVE-2026-7472). Confidential information can be exposed externally.
|
| CVE-2026-8038 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8038)
cross-site scripting in wordpress (CVE-2026-8038). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8418 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8418)
vulnerability in wordpress (CVE-2026-8418). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8419 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8419)
vulnerability in wordpress (CVE-2026-8419). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6400 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6400)
vulnerability in wordpress (CVE-2026-6400). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6401 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6401)
vulnerability in wordpress (CVE-2026-6401). Risk of unauthorized operations or information disclosure.
|