Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-7650 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7650)
cross-site scripting in wordpress (CVE-2026-7650). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5341 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5341)
cross-site scripting in wordpress (CVE-2026-5341). Risk of unauthorized operations or information disclosure. Exploitable via ``strava_nmr_connect``.
|
| CVE-2026-7330 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5127 |
|
Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4935 |
|
SQL Injection in wordpress (CVE-2026-4935)
SQL injection in wordpress (CVE-2026-4935). Confidential information can be exposed externally.
|
| CVE-2026-25863 |
|
Vulnerability in wordpress (CVE-2026-25863)
vulnerability in wordpress (CVE-2026-25863). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41471 |
|
Vulnerability in wordpress (CVE-2026-41471)
vulnerability in wordpress (CVE-2026-41471). Confidential information can be exposed externally.
|
| CVE-2026-32834 |
|
Vulnerability in wordpress (CVE-2026-32834)
vulnerability in wordpress (CVE-2026-32834). Confidential information can be exposed externally.
|
| CVE-2026-41940 KEV |
|
[KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-7083 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2024-7083)
cross-site scripting in wordpress (CVE-2024-7083). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5718 |
|
Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33559 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-33559)
cross-site scripting in wordpress (CVE-2026-33559). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0974 |
|
Vulnerability in wordpress (CVE-2026-0974)
vulnerability in wordpress (CVE-2026-0974). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26980 |
|
SQL Injection in ghost (CVE-2026-26980)
SQL injection in ghost (CVE-2026-26980). Confidential information can be exposed externally. Mitigation: upgrade to `6.19.1` or later.
|
| CVE-2026-0674 |
|
Vulnerability in wordpress (CVE-2026-0674)
vulnerability in wordpress (CVE-2026-0674). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-54236 KEV |
|
[KEV] Vulnerability in Adobe commerce (CVE-2025-54236)
vulnerability in Adobe commerce (CVE-2025-54236). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2025-11570 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2025-11570)
cross-site scripting in drupal (CVE-2025-11570). Risk of unauthorized operations or information disclosure.
|
| CVE-2012-10027 |
|
Unrestricted File Upload in wordpress (CVE-2012-10027)
vulnerability in wordpress (CVE-2012-10027). Risk of unauthorized operations or information disclosure. Exploitable via ``uploadify.php``.
|
| CVE-2023-23752 KEV |
|
[KEV] Vulnerability in Joomla! joomla (CVE-2023-23752)
vulnerability in Joomla! joomla (CVE-2023-23752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-3907 |
|
Vulnerability in wordpress (CVE-2022-3907)
vulnerability in wordpress (CVE-2022-3907). Confidential information can be exposed externally.
|
| CVE-2022-2356 |
|
Unrestricted File Upload in wordpress (CVE-2022-2356)
vulnerability in wordpress (CVE-2022-2356). Successful exploitation can lead to full system takeover.
|
| CVE-2022-32114 |
|
Unrestricted File Upload in strapi (CVE-2022-32114)
vulnerability in strapi (CVE-2022-32114). Successful exploitation can lead to full system takeover.
|
| CVE-2018-7602 KEV |
|
[KEV] Vulnerability in Drupal core (CVE-2018-7602)
vulnerability in Drupal core (CVE-2018-7602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-28397 |
|
Unrestricted File Upload in ghost (CVE-2022-28397)
vulnerability in ghost (CVE-2022-28397). Successful exploitation can lead to full system takeover.
|
| CVE-2019-6340 KEV |
|
[KEV] Unsafe Deserialization in Drupal core (CVE-2019-6340)
vulnerability in Drupal core (CVE-2019-6340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-13671 KEV |
|
[KEV] Unrestricted File Upload in drupal (CVE-2020-13671)
vulnerability in drupal (CVE-2020-13671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-25213 KEV |
|
[KEV] Unrestricted File Upload in Wordpress file-manager-plugin (CVE-2020-25213)
vulnerability in Wordpress file-manager-plugin (CVE-2020-25213). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-11738 KEV |
|
[KEV] Path Traversal in Wordpress snap-creek-duplicator-plugin (CVE-2020-11738)
path traversal in Wordpress snap-creek-duplicator-plugin (CVE-2020-11738). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-9978 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Wordpress social-warfare-plugin (CVE-2019-9978)
cross-site scripting in Wordpress social-warfare-plugin (CVE-2019-9978). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-7600 KEV |
|
[KEV] Vulnerability in drupal (CVE-2018-7600)
vulnerability in drupal (CVE-2018-7600). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-28707 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2020-28707)
cross-site scripting in wordpress (CVE-2020-28707). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-10704 |
|
Cross-Site Scripting (XSS) in magento (CVE-2016-10704)
cross-site scripting in magento (CVE-2016-10704). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-3302 |
|
Vulnerability in wordpress (CVE-2015-3302)
vulnerability in wordpress (CVE-2015-3302). Confidential information can be exposed externally.
|
| CVE-2015-7666 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2015-7666)
cross-site scripting in wordpress (CVE-2015-7666). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7667 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2015-7667)
cross-site scripting in wordpress (CVE-2015-7667). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7668 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2015-7668)
cross-site scripting in wordpress (CVE-2015-7668). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7669 |
|
Path Traversal in wordpress (CVE-2015-7669)
path traversal in wordpress (CVE-2015-7669). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17869 |
|
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
|
| CVE-2011-4955 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2011-4955)
cross-site scripting in wordpress (CVE-2011-4955). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17780 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17780)
cross-site scripting in wordpress (CVE-2017-17780). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17719 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17719)
cross-site scripting in wordpress (CVE-2017-17719). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17744 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17744)
cross-site scripting in wordpress (CVE-2017-17744). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17753 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17753)
cross-site scripting in wordpress (CVE-2017-17753). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-16949 |
|
Unrestricted File Upload in wordpress (CVE-2017-16949)
vulnerability in wordpress (CVE-2017-16949). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17451 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17451)
cross-site scripting in wordpress (CVE-2017-17451). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17096 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17096)
cross-site scripting in wordpress (CVE-2017-17096). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17091 |
|
Vulnerability in wordpress (CVE-2017-17091)
vulnerability in wordpress (CVE-2017-17091). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17092 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17092)
cross-site scripting in wordpress (CVE-2017-17092). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17093 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17093)
cross-site scripting in wordpress (CVE-2017-17093). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17094 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2017-17094)
cross-site scripting in wordpress (CVE-2017-17094). Risk of unauthorized operations or information disclosure.
|