Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6404 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6404)
cross-site scripting in wordpress (CVE-2026-6404). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6452 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6452)
vulnerability in wordpress (CVE-2026-6452). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6456 |
|
Authentication Bypass in wordpress (CVE-2026-6456)
authentication bypass in wordpress (CVE-2026-6456). Successful exploitation can lead to full system takeover. Exploitable via ``rememberLogin``.
|
| CVE-2026-6549 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6549)
cross-site scripting in wordpress (CVE-2026-6549). Risk of unauthorized operations or information disclosure. Exploitable via ``vc_enamad_namad``.
|
| CVE-2026-6555 |
|
Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5293 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5293)
cross-site scripting in wordpress (CVE-2026-5293). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6072 |
|
Vulnerability in wordpress (CVE-2026-6072)
vulnerability in wordpress (CVE-2026-6072). Confidential information can be exposed externally.
|
| CVE-2026-6391 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6391)
vulnerability in wordpress (CVE-2026-6391). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6394 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
SSRF in wordpress (CVE-2026-6394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6395 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6395)
vulnerability in wordpress (CVE-2026-6395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6397 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6397)
cross-site scripting in wordpress (CVE-2026-6397). Risk of unauthorized operations or information disclosure. Exploitable via ``readmoretext``.
|
| CVE-2026-6399 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6399)
cross-site scripting in wordpress (CVE-2026-6399). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3985 |
|
SQL Injection in wordpress (CVE-2026-3985)
SQL injection in wordpress (CVE-2026-3985). Confidential information can be exposed externally.
|
| CVE-2026-6365 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6366 |
|
Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6367 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
|
| CVE-2026-6871 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6095 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8073 |
|
Vulnerability in wordpress (CVE-2026-8073)
vulnerability in wordpress (CVE-2026-8073). Confidential information can be exposed externally.
|
| CVE-2026-8096 |
|
Vulnerability in wordpress (CVE-2026-8096)
vulnerability in wordpress (CVE-2026-8096). Confidential information can be exposed externally.
|
| CVE-2026-8912 |
|
SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
|
| CVE-2026-4883 |
|
Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4885 |
|
Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15609 |
|
Vulnerability in wordpress (CVE-2025-15609)
vulnerability in wordpress (CVE-2025-15609). Confidential information can be exposed externally.
|
| CVE-2026-1631 |
|
Vulnerability in wordpress (CVE-2026-1631)
vulnerability in wordpress (CVE-2026-1631). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3220 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3220)
cross-site scripting in wordpress (CVE-2026-3220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6379 |
|
SQL Injection in wordpress (CVE-2026-6379)
SQL injection in wordpress (CVE-2026-6379). Confidential information can be exposed externally.
|
| CVE-2026-6381 |
|
Path Traversal in wordpress (CVE-2026-6381)
path traversal in wordpress (CVE-2026-6381). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6495 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6495)
cross-site scripting in wordpress (CVE-2026-6495). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25335 |
|
Vulnerability in wordpress (CVE-2018-25335)
vulnerability in wordpress (CVE-2018-25335). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25326 |
|
Path Traversal in wordpress (CVE-2018-25326)
path traversal in wordpress (CVE-2018-25326). Confidential information can be exposed externally.
|
| CVE-2018-25329 |
|
Vulnerability in wordpress (CVE-2018-25329)
vulnerability in wordpress (CVE-2018-25329). Confidential information can be exposed externally.
|
| CVE-2018-25324 |
|
Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
|
| CVE-2018-25325 |
|
Path Traversal in wordpress (CVE-2018-25325)
path traversal in wordpress (CVE-2018-25325). Confidential information can be exposed externally.
|
| CVE-2026-8719 |
|
Privilege Escalation in wordpress (CVE-2026-8719)
vulnerability in wordpress (CVE-2026-8719). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47977 |
|
Path Traversal in wordpress (CVE-2021-47977)
path traversal in wordpress (CVE-2021-47977). Confidential information can be exposed externally.
|
| CVE-2021-47979 |
|
Path Traversal in c (CVE-2021-47979)
path traversal in c (CVE-2021-47979). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47957 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2021-47957)
cross-site scripting in wordpress (CVE-2021-47957). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37233 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2020-37233)
cross-site scripting in wordpress (CVE-2020-37233). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37235 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2020-37235)
cross-site scripting in wordpress (CVE-2020-37235). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-4202 |
|
Vulnerability in wordpress (CVE-2025-4202)
vulnerability in wordpress (CVE-2025-4202). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8681 |
|
Vulnerability in wordpress (CVE-2026-8681)
vulnerability in wordpress (CVE-2026-8681). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46367 |
|
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
|
| CVE-2026-46359 |
|
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
|
| CVE-2026-46366 |
|
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
|
| CVE-2021-47965 |
|
Unrestricted File Upload in wordpress (CVE-2021-47965)
vulnerability in wordpress (CVE-2021-47965). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47959 |
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
| CVE-2026-7046 |
|
SQL Injection in wordpress (CVE-2026-7046)
SQL injection in wordpress (CVE-2026-7046). Confidential information can be exposed externally.
|
| CVE-2026-4683 |
|
Vulnerability in wordpress (CVE-2026-4683)
vulnerability in wordpress (CVE-2026-4683). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6415 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6415)
cross-site scripting in wordpress (CVE-2026-6415). Risk of unauthorized operations or information disclosure.
|