Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cms Clear
ID Title
CVE-2026-6404 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6404)
cross-site scripting in wordpress (CVE-2026-6404). Risk of unauthorized operations or information disclosure.
CVE-2026-6452 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6452)
vulnerability in wordpress (CVE-2026-6452). Risk of unauthorized operations or information disclosure.
CVE-2026-6456 Authentication Bypass in wordpress (CVE-2026-6456)
authentication bypass in wordpress (CVE-2026-6456). Successful exploitation can lead to full system takeover. Exploitable via ``rememberLogin``.
CVE-2026-6549 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6549)
cross-site scripting in wordpress (CVE-2026-6549). Risk of unauthorized operations or information disclosure. Exploitable via ``vc_enamad_namad``.
CVE-2026-6555 Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
CVE-2026-5293 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5293)
cross-site scripting in wordpress (CVE-2026-5293). Risk of unauthorized operations or information disclosure.
CVE-2026-6072 Vulnerability in wordpress (CVE-2026-6072)
vulnerability in wordpress (CVE-2026-6072). Confidential information can be exposed externally.
CVE-2026-6391 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6391)
vulnerability in wordpress (CVE-2026-6391). Risk of unauthorized operations or information disclosure.
CVE-2026-6394 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
SSRF in wordpress (CVE-2026-6394). Risk of unauthorized operations or information disclosure.
CVE-2026-6395 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6395)
vulnerability in wordpress (CVE-2026-6395). Risk of unauthorized operations or information disclosure.
CVE-2026-6397 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6397)
cross-site scripting in wordpress (CVE-2026-6397). Risk of unauthorized operations or information disclosure. Exploitable via ``readmoretext``.
CVE-2026-6399 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6399)
cross-site scripting in wordpress (CVE-2026-6399). Risk of unauthorized operations or information disclosure.
CVE-2026-3985 SQL Injection in wordpress (CVE-2026-3985)
SQL injection in wordpress (CVE-2026-3985). Confidential information can be exposed externally.
CVE-2026-6365 Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-6366 Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-6367 Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
CVE-2026-6871 Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
CVE-2026-6095 Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
CVE-2026-8073 Vulnerability in wordpress (CVE-2026-8073)
vulnerability in wordpress (CVE-2026-8073). Confidential information can be exposed externally.
CVE-2026-8096 Vulnerability in wordpress (CVE-2026-8096)
vulnerability in wordpress (CVE-2026-8096). Confidential information can be exposed externally.
CVE-2026-8912 SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
CVE-2026-4883 Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
CVE-2026-4885 Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
CVE-2025-15609 Vulnerability in wordpress (CVE-2025-15609)
vulnerability in wordpress (CVE-2025-15609). Confidential information can be exposed externally.
CVE-2026-1631 Vulnerability in wordpress (CVE-2026-1631)
vulnerability in wordpress (CVE-2026-1631). Risk of unauthorized operations or information disclosure.
CVE-2026-3220 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3220)
cross-site scripting in wordpress (CVE-2026-3220). Successful exploitation can lead to full system takeover.
CVE-2026-6379 SQL Injection in wordpress (CVE-2026-6379)
SQL injection in wordpress (CVE-2026-6379). Confidential information can be exposed externally.
CVE-2026-6381 Path Traversal in wordpress (CVE-2026-6381)
path traversal in wordpress (CVE-2026-6381). Successful exploitation can lead to full system takeover.
CVE-2026-6495 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6495)
cross-site scripting in wordpress (CVE-2026-6495). Risk of unauthorized operations or information disclosure.
CVE-2018-25335 Vulnerability in wordpress (CVE-2018-25335)
vulnerability in wordpress (CVE-2018-25335). Successful exploitation can lead to full system takeover.
CVE-2018-25326 Path Traversal in wordpress (CVE-2018-25326)
path traversal in wordpress (CVE-2018-25326). Confidential information can be exposed externally.
CVE-2018-25329 Vulnerability in wordpress (CVE-2018-25329)
vulnerability in wordpress (CVE-2018-25329). Confidential information can be exposed externally.
CVE-2018-25324 Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
CVE-2018-25325 Path Traversal in wordpress (CVE-2018-25325)
path traversal in wordpress (CVE-2018-25325). Confidential information can be exposed externally.
CVE-2026-8719 Privilege Escalation in wordpress (CVE-2026-8719)
vulnerability in wordpress (CVE-2026-8719). Successful exploitation can lead to full system takeover.
CVE-2021-47977 Path Traversal in wordpress (CVE-2021-47977)
path traversal in wordpress (CVE-2021-47977). Confidential information can be exposed externally.
CVE-2021-47979 Path Traversal in c (CVE-2021-47979)
path traversal in c (CVE-2021-47979). Successful exploitation can lead to full system takeover.
CVE-2021-47957 Cross-Site Scripting (XSS) in wordpress (CVE-2021-47957)
cross-site scripting in wordpress (CVE-2021-47957). Risk of unauthorized operations or information disclosure.
CVE-2020-37233 Cross-Site Scripting (XSS) in wordpress (CVE-2020-37233)
cross-site scripting in wordpress (CVE-2020-37233). Risk of unauthorized operations or information disclosure.
CVE-2020-37235 Cross-Site Scripting (XSS) in wordpress (CVE-2020-37235)
cross-site scripting in wordpress (CVE-2020-37235). Risk of unauthorized operations or information disclosure.
CVE-2025-4202 Vulnerability in wordpress (CVE-2025-4202)
vulnerability in wordpress (CVE-2025-4202). Risk of unauthorized operations or information disclosure.
CVE-2026-8681 Vulnerability in wordpress (CVE-2026-8681)
vulnerability in wordpress (CVE-2026-8681). Risk of unauthorized operations or information disclosure.
CVE-2026-46367 Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
CVE-2026-46359 phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2021-47965 Unrestricted File Upload in wordpress (CVE-2021-47965)
vulnerability in wordpress (CVE-2021-47965). Successful exploitation can lead to full system takeover.
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
CVE-2026-7046 SQL Injection in wordpress (CVE-2026-7046)
SQL injection in wordpress (CVE-2026-7046). Confidential information can be exposed externally.
CVE-2026-4683 Vulnerability in wordpress (CVE-2026-4683)
vulnerability in wordpress (CVE-2026-4683). Risk of unauthorized operations or information disclosure.
CVE-2026-6415 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6415)
cross-site scripting in wordpress (CVE-2026-6415). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →