Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cms Clear
ID Title
CVE-2026-7650 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7650)
cross-site scripting in wordpress (CVE-2026-7650). Risk of unauthorized operations or information disclosure.
CVE-2026-5341 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5341)
cross-site scripting in wordpress (CVE-2026-5341). Risk of unauthorized operations or information disclosure. Exploitable via ``strava_nmr_connect``.
CVE-2026-7330 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.
CVE-2026-5127 Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
CVE-2026-4935 SQL Injection in wordpress (CVE-2026-4935)
SQL injection in wordpress (CVE-2026-4935). Confidential information can be exposed externally.
CVE-2026-25863 Vulnerability in wordpress (CVE-2026-25863)
vulnerability in wordpress (CVE-2026-25863). Risk of unauthorized operations or information disclosure.
CVE-2026-41471 Vulnerability in wordpress (CVE-2026-41471)
vulnerability in wordpress (CVE-2026-41471). Confidential information can be exposed externally.
CVE-2026-32834 Vulnerability in wordpress (CVE-2026-32834)
vulnerability in wordpress (CVE-2026-32834). Confidential information can be exposed externally.
CVE-2026-41940 KEV [KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-7083 Cross-Site Scripting (XSS) in wordpress (CVE-2024-7083)
cross-site scripting in wordpress (CVE-2024-7083). Risk of unauthorized operations or information disclosure.
CVE-2026-5718 Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
CVE-2026-33559 Cross-Site Scripting (XSS) in wordpress (CVE-2026-33559)
cross-site scripting in wordpress (CVE-2026-33559). Risk of unauthorized operations or information disclosure.
CVE-2026-0974 Vulnerability in wordpress (CVE-2026-0974)
vulnerability in wordpress (CVE-2026-0974). Successful exploitation can lead to full system takeover.
CVE-2026-26980 SQL Injection in ghost (CVE-2026-26980)
SQL injection in ghost (CVE-2026-26980). Confidential information can be exposed externally. Mitigation: upgrade to `6.19.1` or later.
CVE-2026-0674 Vulnerability in wordpress (CVE-2026-0674)
vulnerability in wordpress (CVE-2026-0674). Risk of unauthorized operations or information disclosure.
CVE-2025-54236 KEV [KEV] Vulnerability in Adobe commerce (CVE-2025-54236)
vulnerability in Adobe commerce (CVE-2025-54236). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2025-11570 Cross-Site Scripting (XSS) in drupal (CVE-2025-11570)
cross-site scripting in drupal (CVE-2025-11570). Risk of unauthorized operations or information disclosure.
CVE-2012-10027 Unrestricted File Upload in wordpress (CVE-2012-10027)
vulnerability in wordpress (CVE-2012-10027). Risk of unauthorized operations or information disclosure. Exploitable via ``uploadify.php``.
CVE-2023-23752 KEV [KEV] Vulnerability in Joomla! joomla (CVE-2023-23752)
vulnerability in Joomla! joomla (CVE-2023-23752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-3907 Vulnerability in wordpress (CVE-2022-3907)
vulnerability in wordpress (CVE-2022-3907). Confidential information can be exposed externally.
CVE-2022-2356 Unrestricted File Upload in wordpress (CVE-2022-2356)
vulnerability in wordpress (CVE-2022-2356). Successful exploitation can lead to full system takeover.
CVE-2022-32114 Unrestricted File Upload in strapi (CVE-2022-32114)
vulnerability in strapi (CVE-2022-32114). Successful exploitation can lead to full system takeover.
CVE-2018-7602 KEV [KEV] Vulnerability in Drupal core (CVE-2018-7602)
vulnerability in Drupal core (CVE-2018-7602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-28397 Unrestricted File Upload in ghost (CVE-2022-28397)
vulnerability in ghost (CVE-2022-28397). Successful exploitation can lead to full system takeover.
CVE-2019-6340 KEV [KEV] Unsafe Deserialization in Drupal core (CVE-2019-6340)
vulnerability in Drupal core (CVE-2019-6340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-13671 KEV [KEV] Unrestricted File Upload in drupal (CVE-2020-13671)
vulnerability in drupal (CVE-2020-13671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-25213 KEV [KEV] Unrestricted File Upload in Wordpress file-manager-plugin (CVE-2020-25213)
vulnerability in Wordpress file-manager-plugin (CVE-2020-25213). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-11738 KEV [KEV] Path Traversal in Wordpress snap-creek-duplicator-plugin (CVE-2020-11738)
path traversal in Wordpress snap-creek-duplicator-plugin (CVE-2020-11738). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-9978 KEV [KEV] Cross-Site Scripting (XSS) in Wordpress social-warfare-plugin (CVE-2019-9978)
cross-site scripting in Wordpress social-warfare-plugin (CVE-2019-9978). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-7600 KEV [KEV] Vulnerability in drupal (CVE-2018-7600)
vulnerability in drupal (CVE-2018-7600). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-28707 Cross-Site Scripting (XSS) in wordpress (CVE-2020-28707)
cross-site scripting in wordpress (CVE-2020-28707). Risk of unauthorized operations or information disclosure.
CVE-2016-10704 Cross-Site Scripting (XSS) in magento (CVE-2016-10704)
cross-site scripting in magento (CVE-2016-10704). Risk of unauthorized operations or information disclosure.
CVE-2015-3302 Vulnerability in wordpress (CVE-2015-3302)
vulnerability in wordpress (CVE-2015-3302). Confidential information can be exposed externally.
CVE-2015-7666 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7666)
cross-site scripting in wordpress (CVE-2015-7666). Risk of unauthorized operations or information disclosure.
CVE-2015-7667 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7667)
cross-site scripting in wordpress (CVE-2015-7667). Risk of unauthorized operations or information disclosure.
CVE-2015-7668 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7668)
cross-site scripting in wordpress (CVE-2015-7668). Risk of unauthorized operations or information disclosure.
CVE-2015-7669 Path Traversal in wordpress (CVE-2015-7669)
path traversal in wordpress (CVE-2015-7669). Successful exploitation can lead to full system takeover.
CVE-2017-17869 The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
CVE-2011-4955 Cross-Site Scripting (XSS) in wordpress (CVE-2011-4955)
cross-site scripting in wordpress (CVE-2011-4955). Risk of unauthorized operations or information disclosure.
CVE-2017-17780 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17780)
cross-site scripting in wordpress (CVE-2017-17780). Risk of unauthorized operations or information disclosure.
CVE-2017-17719 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17719)
cross-site scripting in wordpress (CVE-2017-17719). Risk of unauthorized operations or information disclosure.
CVE-2017-17744 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17744)
cross-site scripting in wordpress (CVE-2017-17744). Risk of unauthorized operations or information disclosure.
CVE-2017-17753 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17753)
cross-site scripting in wordpress (CVE-2017-17753). Risk of unauthorized operations or information disclosure.
CVE-2017-16949 Unrestricted File Upload in wordpress (CVE-2017-16949)
vulnerability in wordpress (CVE-2017-16949). Successful exploitation can lead to full system takeover.
CVE-2017-17451 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17451)
cross-site scripting in wordpress (CVE-2017-17451). Risk of unauthorized operations or information disclosure.
CVE-2017-17096 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17096)
cross-site scripting in wordpress (CVE-2017-17096). Risk of unauthorized operations or information disclosure.
CVE-2017-17091 Vulnerability in wordpress (CVE-2017-17091)
vulnerability in wordpress (CVE-2017-17091). Successful exploitation can lead to full system takeover.
CVE-2017-17092 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17092)
cross-site scripting in wordpress (CVE-2017-17092). Risk of unauthorized operations or information disclosure.
CVE-2017-17093 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17093)
cross-site scripting in wordpress (CVE-2017-17093). Risk of unauthorized operations or information disclosure.
CVE-2017-17094 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17094)
cross-site scripting in wordpress (CVE-2017-17094). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →