Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cms Clear
ID Title
CVE-2026-9018 Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
CVE-2026-9104 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9104)
cross-site scripting in wordpress (CVE-2026-9104). Risk of unauthorized operations or information disclosure.
CVE-2026-4070 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-4070)
vulnerability in wordpress (CVE-2026-4070). Risk of unauthorized operations or information disclosure.
CVE-2026-6864 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6864)
cross-site scripting in wordpress (CVE-2026-6864). Risk of unauthorized operations or information disclosure.
CVE-2026-7249 Vulnerability in wordpress (CVE-2026-7249)
vulnerability in wordpress (CVE-2026-7249). Risk of unauthorized operations or information disclosure. Exploitable via ``init``.
CVE-2026-7509 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7509)
cross-site scripting in wordpress (CVE-2026-7509). Risk of unauthorized operations or information disclosure. Exploitable via ``before``.
CVE-2026-3481 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
CVE-2026-2518 Vulnerability in wordpress (CVE-2026-2518)
vulnerability in wordpress (CVE-2026-2518). Risk of unauthorized operations or information disclosure.
CVE-2026-4834 SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
CVE-2026-6960 Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
CVE-2026-4093 Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
CVE-2026-4929 Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
CVE-2026-4843 Vulnerability in wordpress (CVE-2026-4843)
vulnerability in wordpress (CVE-2026-4843). Risk of unauthorized operations or information disclosure.
CVE-2026-5118 Privilege Escalation in wordpress (CVE-2026-5118)
vulnerability in wordpress (CVE-2026-5118). Successful exploitation can lead to full system takeover.
CVE-2026-6279 Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
CVE-2026-1543 Cross-Site Scripting (XSS) in wordpress (CVE-2026-1543)
cross-site scripting in wordpress (CVE-2026-1543). Risk of unauthorized operations or information disclosure.
CVE-2026-4811 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4811)
cross-site scripting in wordpress (CVE-2026-4811). Confidential information can be exposed externally.
CVE-2026-1881 Vulnerability in wordpress (CVE-2026-1881)
vulnerability in wordpress (CVE-2026-1881). Risk of unauthorized operations or information disclosure.
CVE-2026-9082 KEV [KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
CVE-2026-7613 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7613)
cross-site scripting in wordpress (CVE-2026-7613). Risk of unauthorized operations or information disclosure.
CVE-2026-6728 Information Disclosure in wordpress (CVE-2026-6728)
vulnerability in wordpress (CVE-2026-6728). Risk of unauthorized operations or information disclosure.
CVE-2026-9065 SQL Injection in wordpress (CVE-2026-9065)
SQL injection in wordpress (CVE-2026-9065). Risk of unauthorized operations or information disclosure.
CVE-2026-6405 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
CVE-2026-5200 Vulnerability in wordpress (CVE-2026-5200)
vulnerability in wordpress (CVE-2026-5200). Successful exploitation can lead to full system takeover.
CVE-2026-6566 Vulnerability in wordpress (CVE-2026-6566)
vulnerability in wordpress (CVE-2026-6566). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /imagely/v1/images/{id}`.
CVE-2026-7385 Vulnerability in wordpress (CVE-2026-7385)
vulnerability in wordpress (CVE-2026-7385). Risk of unauthorized operations or information disclosure.
CVE-2026-5776 Vulnerability in wordpress (CVE-2026-5776)
vulnerability in wordpress (CVE-2026-5776). Risk of unauthorized operations or information disclosure.
CVE-2026-2955 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2955)
cross-site scripting in wordpress (CVE-2026-2955). Risk of unauthorized operations or information disclosure.
CVE-2026-5075 Information Disclosure in wordpress (CVE-2026-5075)
vulnerability in wordpress (CVE-2026-5075). Risk of unauthorized operations or information disclosure.
CVE-2026-7522 Vulnerability in wordpress (CVE-2026-7522)
vulnerability in wordpress (CVE-2026-7522). Successful exploitation can lead to full system takeover.
CVE-2026-9010 SQL Injection in wordpress (CVE-2026-9010)
SQL injection in wordpress (CVE-2026-9010). Confidential information can be exposed externally.
CVE-2026-7637 Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
CVE-2025-15369 Vulnerability in wordpress (CVE-2025-15369)
vulnerability in wordpress (CVE-2025-15369). Risk of unauthorized operations or information disclosure.
CVE-2026-8685 SQL Injection in wordpress (CVE-2026-8685)
SQL injection in wordpress (CVE-2026-8685). Confidential information can be exposed externally.
CVE-2026-8420 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8420)
vulnerability in wordpress (CVE-2026-8420). Risk of unauthorized operations or information disclosure.
CVE-2026-8423 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8423)
vulnerability in wordpress (CVE-2026-8423). Risk of unauthorized operations or information disclosure.
CVE-2026-8424 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8424)
vulnerability in wordpress (CVE-2026-8424). Risk of unauthorized operations or information disclosure.
CVE-2026-8610 Vulnerability in wordpress (CVE-2026-8610)
vulnerability in wordpress (CVE-2026-8610). Risk of unauthorized operations or information disclosure.
CVE-2026-8624 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8624)
cross-site scripting in wordpress (CVE-2026-8624). Risk of unauthorized operations or information disclosure.
CVE-2026-8626 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8626)
cross-site scripting in wordpress (CVE-2026-8626). Risk of unauthorized operations or information disclosure.
CVE-2026-8627 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8627)
cross-site scripting in wordpress (CVE-2026-8627). Risk of unauthorized operations or information disclosure.
CVE-2026-7284 Privilege Escalation in wordpress (CVE-2026-7284)
vulnerability in wordpress (CVE-2026-7284). Successful exploitation can lead to full system takeover.
CVE-2026-7462 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7462)
cross-site scripting in wordpress (CVE-2026-7462). Risk of unauthorized operations or information disclosure. Exploitable via ``page``.
CVE-2026-7467 Privilege Escalation in wordpress (CVE-2026-7467)
vulnerability in wordpress (CVE-2026-7467). Successful exploitation can lead to full system takeover.
CVE-2026-7472 SQL Injection in wordpress (CVE-2026-7472)
SQL injection in wordpress (CVE-2026-7472). Confidential information can be exposed externally.
CVE-2026-8038 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8038)
cross-site scripting in wordpress (CVE-2026-8038). Risk of unauthorized operations or information disclosure.
CVE-2026-8418 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8418)
vulnerability in wordpress (CVE-2026-8418). Risk of unauthorized operations or information disclosure.
CVE-2026-8419 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8419)
vulnerability in wordpress (CVE-2026-8419). Risk of unauthorized operations or information disclosure.
CVE-2026-6400 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6400)
vulnerability in wordpress (CVE-2026-6400). Risk of unauthorized operations or information disclosure.
CVE-2026-6401 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6401)
vulnerability in wordpress (CVE-2026-6401). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →