Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-11402 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11402)
cross-site scripting in wordpress (CVE-2026-11402). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11358 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11358)
cross-site scripting in wordpress (CVE-2026-11358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11777 |
|
SQL Injection in wordpress (CVE-2026-11777)
SQL injection in wordpress (CVE-2026-11777). Confidential information can be exposed externally.
|
| CVE-2026-12120 |
|
Information Disclosure in wordpress (CVE-2026-12120)
vulnerability in wordpress (CVE-2026-12120). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9199 |
|
Vulnerability in wordpress (CVE-2026-9199)
vulnerability in wordpress (CVE-2026-9199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11784 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-11784)
vulnerability in wordpress (CVE-2026-11784). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12093 |
|
Vulnerability in wordpress (CVE-2026-12093)
vulnerability in wordpress (CVE-2026-12093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11776 |
|
SQL Injection in wordpress (CVE-2026-11776)
SQL injection in wordpress (CVE-2026-11776). Confidential information can be exposed externally.
|
| CVE-2026-11357 |
|
Information Disclosure in wordpress (CVE-2026-11357)
vulnerability in wordpress (CVE-2026-11357). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12407 |
|
Vulnerability in wordpress (CVE-2026-12407)
vulnerability in wordpress (CVE-2026-12407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10029 |
|
Vulnerability in wordpress (CVE-2026-10029)
vulnerability in wordpress (CVE-2026-10029). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10023 |
|
Vulnerability in wordpress (CVE-2026-10023)
vulnerability in wordpress (CVE-2026-10023). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10736 |
|
SQL Injection in wordpress (CVE-2026-10736)
SQL injection in wordpress (CVE-2026-10736). Confidential information can be exposed externally.
|
| CVE-2026-10623 |
|
Vulnerability in wordpress (CVE-2026-10623)
vulnerability in wordpress (CVE-2026-10623). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69115 |
|
Vulnerability in wordpress (CVE-2025-69115)
vulnerability in wordpress (CVE-2025-69115). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69130 |
|
Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8383 |
|
Vulnerability in wordpress (CVE-2026-8383)
vulnerability in wordpress (CVE-2026-8383). Risk of unauthorized operations or information disclosure. Exploitable via ``edit``.
|
| CVE-2026-8494 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8494)
cross-site scripting in wordpress (CVE-2026-8494). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9570 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8607 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8607)
cross-site scripting in wordpress (CVE-2026-8607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7850 |
|
Vulnerability in wordpress (CVE-2026-7850)
vulnerability in wordpress (CVE-2026-7850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8089 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8089)
cross-site scripting in wordpress (CVE-2026-8089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25470 |
|
Code Injection in wordpress (CVE-2026-25470)
code injection in wordpress (CVE-2026-25470). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22343 |
|
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
|
| CVE-2026-22342 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
|
| CVE-2026-12115 |
|
Unsafe Deserialization in wordpress (CVE-2026-12115)
vulnerability in wordpress (CVE-2026-12115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12165 |
|
Privilege Escalation in wordpress (CVE-2026-12165)
vulnerability in wordpress (CVE-2026-12165). Successful exploitation can lead to full system takeover. Exploitable via ``RegistryUserRole``.
|
| CVE-2026-12360 |
|
SQL Injection in wordpress (CVE-2026-12360)
SQL injection in wordpress (CVE-2026-12360). Confidential information can be exposed externally.
|
| CVE-2025-69135 |
|
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
|
| CVE-2025-69129 |
|
Unrestricted File Upload in wordpress (CVE-2025-69129)
vulnerability in wordpress (CVE-2025-69129). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60223 |
|
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
|
| CVE-2025-69131 |
|
Path Traversal in wordpress (CVE-2025-69131)
path traversal in wordpress (CVE-2025-69131). Confidential information can be exposed externally.
|
| CVE-2025-49403 |
|
Vulnerability in wordpress (CVE-2025-49403)
vulnerability in wordpress (CVE-2025-49403). Confidential information can be exposed externally.
|
| CVE-2026-8442 |
|
Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
|
| CVE-2026-52715 |
|
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
|
| CVE-2026-8176 |
|
Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2381 |
|
Vulnerability in wordpress (CVE-2026-2381)
vulnerability in wordpress (CVE-2026-2381). Risk of unauthorized operations or information disclosure. Exploitable via ``wc_stripe_pay_for_order``.
|
| CVE-2026-8444 |
|
SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10093 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10093)
cross-site scripting in wordpress (CVE-2026-10093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8443 |
|
SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5149 |
|
Authorization Flaw in wordpress (CVE-2026-5149)
vulnerability in wordpress (CVE-2026-5149). Confidential information can be exposed externally.
|
| CVE-2026-10780 |
|
Vulnerability in wordpress (CVE-2026-10780)
vulnerability in wordpress (CVE-2026-10780). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9187 |
|
Vulnerability in wordpress (CVE-2026-9187)
vulnerability in wordpress (CVE-2026-9187). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6933 |
|
Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6964 |
|
Vulnerability in wordpress (CVE-2026-6964)
vulnerability in wordpress (CVE-2026-6964). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49776 |
|
SQL Injection in wordpress (CVE-2026-49776)
SQL injection in wordpress (CVE-2026-49776). Confidential information can be exposed externally.
|
| CVE-2026-48964 |
|
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
|
| CVE-2026-40773 |
|
Vulnerability in wordpress (CVE-2026-40773)
vulnerability in wordpress (CVE-2026-40773). Data can be tampered with by attackers.
|
| CVE-2026-39591 |
|
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
|
| CVE-2026-39468 |
|
Path Traversal in wordpress (CVE-2026-39468)
path traversal in wordpress (CVE-2026-39468). Risk of unauthorized operations or information disclosure.
|