Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cms Clear
ID Title
CVE-2026-11402 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11402)
cross-site scripting in wordpress (CVE-2026-11402). Risk of unauthorized operations or information disclosure.
CVE-2026-11358 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11358)
cross-site scripting in wordpress (CVE-2026-11358). Risk of unauthorized operations or information disclosure.
CVE-2026-11777 SQL Injection in wordpress (CVE-2026-11777)
SQL injection in wordpress (CVE-2026-11777). Confidential information can be exposed externally.
CVE-2026-12120 Information Disclosure in wordpress (CVE-2026-12120)
vulnerability in wordpress (CVE-2026-12120). Risk of unauthorized operations or information disclosure.
CVE-2026-9199 Vulnerability in wordpress (CVE-2026-9199)
vulnerability in wordpress (CVE-2026-9199). Risk of unauthorized operations or information disclosure.
CVE-2026-11784 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-11784)
vulnerability in wordpress (CVE-2026-11784). Risk of unauthorized operations or information disclosure.
CVE-2026-12093 Vulnerability in wordpress (CVE-2026-12093)
vulnerability in wordpress (CVE-2026-12093). Risk of unauthorized operations or information disclosure.
CVE-2026-11776 SQL Injection in wordpress (CVE-2026-11776)
SQL injection in wordpress (CVE-2026-11776). Confidential information can be exposed externally.
CVE-2026-11357 Information Disclosure in wordpress (CVE-2026-11357)
vulnerability in wordpress (CVE-2026-11357). Risk of unauthorized operations or information disclosure.
CVE-2026-12407 Vulnerability in wordpress (CVE-2026-12407)
vulnerability in wordpress (CVE-2026-12407). Successful exploitation can lead to full system takeover.
CVE-2026-10029 Vulnerability in wordpress (CVE-2026-10029)
vulnerability in wordpress (CVE-2026-10029). Risk of unauthorized operations or information disclosure.
CVE-2026-10023 Vulnerability in wordpress (CVE-2026-10023)
vulnerability in wordpress (CVE-2026-10023). Risk of unauthorized operations or information disclosure.
CVE-2026-10736 SQL Injection in wordpress (CVE-2026-10736)
SQL injection in wordpress (CVE-2026-10736). Confidential information can be exposed externally.
CVE-2026-10623 Vulnerability in wordpress (CVE-2026-10623)
vulnerability in wordpress (CVE-2026-10623). Risk of unauthorized operations or information disclosure.
CVE-2025-69115 Vulnerability in wordpress (CVE-2025-69115)
vulnerability in wordpress (CVE-2025-69115). Successful exploitation can lead to full system takeover.
CVE-2025-69130 Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
CVE-2026-8383 Vulnerability in wordpress (CVE-2026-8383)
vulnerability in wordpress (CVE-2026-8383). Risk of unauthorized operations or information disclosure. Exploitable via ``edit``.
CVE-2026-8494 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8494)
cross-site scripting in wordpress (CVE-2026-8494). Risk of unauthorized operations or information disclosure.
CVE-2026-9570 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
CVE-2026-8607 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8607)
cross-site scripting in wordpress (CVE-2026-8607). Risk of unauthorized operations or information disclosure.
CVE-2026-7850 Vulnerability in wordpress (CVE-2026-7850)
vulnerability in wordpress (CVE-2026-7850). Risk of unauthorized operations or information disclosure.
CVE-2026-8089 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8089)
cross-site scripting in wordpress (CVE-2026-8089). Risk of unauthorized operations or information disclosure.
CVE-2026-25470 Code Injection in wordpress (CVE-2026-25470)
code injection in wordpress (CVE-2026-25470). Successful exploitation can lead to full system takeover.
CVE-2026-22343 Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-22342 Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
CVE-2026-12115 Unsafe Deserialization in wordpress (CVE-2026-12115)
vulnerability in wordpress (CVE-2026-12115). Successful exploitation can lead to full system takeover.
CVE-2026-12165 Privilege Escalation in wordpress (CVE-2026-12165)
vulnerability in wordpress (CVE-2026-12165). Successful exploitation can lead to full system takeover. Exploitable via ``RegistryUserRole``.
CVE-2026-12360 SQL Injection in wordpress (CVE-2026-12360)
SQL injection in wordpress (CVE-2026-12360). Confidential information can be exposed externally.
CVE-2025-69135 Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
CVE-2025-69129 Unrestricted File Upload in wordpress (CVE-2025-69129)
vulnerability in wordpress (CVE-2025-69129). Successful exploitation can lead to full system takeover.
CVE-2025-60223 Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
CVE-2025-69131 Path Traversal in wordpress (CVE-2025-69131)
path traversal in wordpress (CVE-2025-69131). Confidential information can be exposed externally.
CVE-2025-49403 Vulnerability in wordpress (CVE-2025-49403)
vulnerability in wordpress (CVE-2025-49403). Confidential information can be exposed externally.
CVE-2026-8442 Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
CVE-2026-52715 Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
CVE-2026-8176 Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
CVE-2026-2381 Vulnerability in wordpress (CVE-2026-2381)
vulnerability in wordpress (CVE-2026-2381). Risk of unauthorized operations or information disclosure. Exploitable via ``wc_stripe_pay_for_order``.
CVE-2026-8444 SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
CVE-2026-10093 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10093)
cross-site scripting in wordpress (CVE-2026-10093). Risk of unauthorized operations or information disclosure.
CVE-2026-8443 SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
CVE-2026-5149 Authorization Flaw in wordpress (CVE-2026-5149)
vulnerability in wordpress (CVE-2026-5149). Confidential information can be exposed externally.
CVE-2026-10780 Vulnerability in wordpress (CVE-2026-10780)
vulnerability in wordpress (CVE-2026-10780). Risk of unauthorized operations or information disclosure.
CVE-2026-9187 Vulnerability in wordpress (CVE-2026-9187)
vulnerability in wordpress (CVE-2026-9187). Risk of unauthorized operations or information disclosure.
CVE-2026-6933 Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
CVE-2026-6964 Vulnerability in wordpress (CVE-2026-6964)
vulnerability in wordpress (CVE-2026-6964). Risk of unauthorized operations or information disclosure.
CVE-2026-49776 SQL Injection in wordpress (CVE-2026-49776)
SQL injection in wordpress (CVE-2026-49776). Confidential information can be exposed externally.
CVE-2026-48964 Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
CVE-2026-40773 Vulnerability in wordpress (CVE-2026-40773)
vulnerability in wordpress (CVE-2026-40773). Data can be tampered with by attackers.
CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
CVE-2026-39468 Path Traversal in wordpress (CVE-2026-39468)
path traversal in wordpress (CVE-2026-39468). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →