Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-7517 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7517)
cross-site scripting in wordpress (CVE-2026-7517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12923 |
|
Vulnerability in wordpress (CVE-2026-12923)
vulnerability in wordpress (CVE-2026-12923). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13468 |
|
Vulnerability in wordpress (CVE-2026-13468)
vulnerability in wordpress (CVE-2026-13468). Confidential information can be exposed externally.
|
| CVE-2026-10513 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10513)
cross-site scripting in wordpress (CVE-2026-10513). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8141 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8141)
cross-site scripting in wordpress (CVE-2026-8141). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12240 |
|
Unsafe Deserialization in wordpress (CVE-2026-12240)
vulnerability in wordpress (CVE-2026-12240). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11590 |
|
Vulnerability in wordpress (CVE-2026-11590)
vulnerability in wordpress (CVE-2026-11590). Confidential information can be exposed externally.
|
| CVE-2026-11589 |
|
Vulnerability in wordpress (CVE-2026-11589)
vulnerability in wordpress (CVE-2026-11589). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10083 |
|
Vulnerability in wordpress (CVE-2026-10083)
vulnerability in wordpress (CVE-2026-10083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8095 |
|
Vulnerability in wordpress (CVE-2026-8095)
vulnerability in wordpress (CVE-2026-8095). Data can be tampered with by attackers.
|
| CVE-2026-10820 |
|
Vulnerability in wordpress (CVE-2026-10820)
vulnerability in wordpress (CVE-2026-10820). Data can be tampered with by attackers.
|
| CVE-2026-56011 |
|
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
|
| CVE-2025-68063 |
|
Vulnerability in wordpress (CVE-2025-68063)
vulnerability in wordpress (CVE-2025-68063). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10835 |
|
Vulnerability in wordpress (CVE-2026-10835)
vulnerability in wordpress (CVE-2026-10835). Confidential information can be exposed externally.
|
| CVE-2026-10823 |
|
Vulnerability in wordpress (CVE-2026-10823)
vulnerability in wordpress (CVE-2026-10823). Confidential information can be exposed externally.
|
| CVE-2026-9702 |
|
Vulnerability in wordpress (CVE-2026-9702)
vulnerability in wordpress (CVE-2026-9702). Data can be tampered with by attackers.
|
| CVE-2026-5305 |
|
Vulnerability in wordpress (CVE-2026-5305)
vulnerability in wordpress (CVE-2026-5305). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12937 |
|
SQL Injection in wordpress (CVE-2026-12937)
SQL injection in wordpress (CVE-2026-12937). Confidential information can be exposed externally.
|
| CVE-2026-12077 |
|
SQL Injection in wordpress (CVE-2026-12077)
SQL injection in wordpress (CVE-2026-12077). Confidential information can be exposed externally.
|
| CVE-2026-12242 |
|
Code Injection in wordpress (CVE-2026-12242)
code injection in wordpress (CVE-2026-12242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7761 |
|
Vulnerability in wordpress (CVE-2026-7761)
vulnerability in wordpress (CVE-2026-7761). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9710 |
|
Vulnerability in wordpress (CVE-2026-9710)
vulnerability in wordpress (CVE-2026-9710). Confidential information can be exposed externally. Exploitable via ``cornerstone``.
|
| CVE-2026-9709 |
|
Vulnerability in wordpress (CVE-2026-9709)
vulnerability in wordpress (CVE-2026-9709). Confidential information can be exposed externally. Exploitable via ``cornerstone``.
|
| CVE-2026-9643 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9643)
cross-site scripting in wordpress (CVE-2026-9643). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_wpms_links.link_url``.
|
| CVE-2026-9179 |
|
SQL Injection in wordpress (CVE-2026-9179)
SQL injection in wordpress (CVE-2026-9179). Confidential information can be exposed externally.
|
| CVE-2026-9178 |
|
Vulnerability in wordpress (CVE-2026-9178)
vulnerability in wordpress (CVE-2026-9178). Confidential information can be exposed externally.
|
| CVE-2026-8705 |
|
SQL Injection in wordpress (CVE-2026-8705)
SQL injection in wordpress (CVE-2026-8705). Confidential information can be exposed externally. Exploitable via ``clearsale_total_push``.
|
| CVE-2026-4297 |
|
Vulnerability in wordpress (CVE-2026-4297)
vulnerability in wordpress (CVE-2026-4297). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12100 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-12100)
SSRF in wordpress (CVE-2026-12100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12095 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-12095)
SSRF in wordpress (CVE-2026-12095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10749 |
|
Vulnerability in wordpress (CVE-2026-10749)
vulnerability in wordpress (CVE-2026-10749). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10735 |
|
Vulnerability in wordpress (CVE-2026-10735)
vulnerability in wordpress (CVE-2026-10735). Confidential information can be exposed externally.
|
| CVE-2026-10092 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10092)
cross-site scripting in wordpress (CVE-2026-10092). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10091 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10091)
cross-site scripting in wordpress (CVE-2026-10091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3652 |
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
| CVE-2026-8379 |
|
Vulnerability in wordpress (CVE-2026-8379)
vulnerability in wordpress (CVE-2026-8379). Confidential information can be exposed externally.
|
| CVE-2026-8172 |
|
Vulnerability in wordpress (CVE-2026-8172)
vulnerability in wordpress (CVE-2026-8172). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8163 |
|
Vulnerability in wordpress (CVE-2026-8163)
vulnerability in wordpress (CVE-2026-8163). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8157 |
|
Privilege Escalation in wordpress (CVE-2026-8157)
vulnerability in wordpress (CVE-2026-8157). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4259 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4259)
cross-site scripting in wordpress (CVE-2026-4259). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6858 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6858)
cross-site scripting in wordpress (CVE-2026-6858). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37255 |
|
Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
|
| CVE-2026-11911 |
|
Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
|
| CVE-2026-11912 |
|
Vulnerability in wordpress (CVE-2026-11912)
vulnerability in wordpress (CVE-2026-11912). Data can be tampered with by attackers.
|
| CVE-2026-9843 |
|
Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
|
| CVE-2026-11395 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11395)
SSRF in wordpress (CVE-2026-11395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12407 |
|
Vulnerability in wordpress (CVE-2026-12407)
vulnerability in wordpress (CVE-2026-12407). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69130 |
|
Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69115 |
|
Vulnerability in wordpress (CVE-2025-69115)
vulnerability in wordpress (CVE-2025-69115). Successful exploitation can lead to full system takeover.
|