Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9570 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8089 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8089)
cross-site scripting in wordpress (CVE-2026-8089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22342 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
|
| CVE-2026-22343 |
|
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
|
| CVE-2026-12165 |
|
Privilege Escalation in wordpress (CVE-2026-12165)
vulnerability in wordpress (CVE-2026-12165). Successful exploitation can lead to full system takeover. Exploitable via ``RegistryUserRole``.
|
| CVE-2026-12360 |
|
SQL Injection in wordpress (CVE-2026-12360)
SQL injection in wordpress (CVE-2026-12360). Confidential information can be exposed externally.
|
| CVE-2025-69135 |
|
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin <= 2.7.2 versions.
|
| CVE-2025-60223 |
|
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 13.6.5 versions.
|
| CVE-2025-69131 |
|
Path Traversal in wordpress (CVE-2025-69131)
path traversal in wordpress (CVE-2025-69131). Confidential information can be exposed externally.
|
| CVE-2025-49403 |
|
Vulnerability in wordpress (CVE-2025-49403)
vulnerability in wordpress (CVE-2025-49403). Confidential information can be exposed externally.
|
| CVE-2026-8442 |
|
Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
|
| CVE-2026-8176 |
|
Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8444 |
|
SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6933 |
|
Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8443 |
|
SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48964 |
|
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
|
| CVE-2019-25746 |
|
SQL Injection in wordpress (CVE-2019-25746)
SQL injection in wordpress (CVE-2019-25746). Confidential information can be exposed externally.
|
| CVE-2018-25437 |
|
Vulnerability in wordpress (CVE-2018-25437)
vulnerability in wordpress (CVE-2018-25437). Confidential information can be exposed externally.
|
| CVE-2016-20084 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-20084)
cross-site scripting in wordpress (CVE-2016-20084). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-20081 |
|
Path Traversal in wordpress (CVE-2016-20081)
path traversal in wordpress (CVE-2016-20081). Confidential information can be exposed externally.
|
| CVE-2016-20076 |
|
Path Traversal in wordpress (CVE-2016-20076)
path traversal in wordpress (CVE-2016-20076). Confidential information can be exposed externally.
|
| CVE-2016-20075 |
|
Authorization Flaw in wordpress (CVE-2016-20075)
vulnerability in wordpress (CVE-2016-20075). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20073 |
|
SQL Injection in wordpress (CVE-2016-20073)
SQL injection in wordpress (CVE-2016-20073). Confidential information can be exposed externally.
|
| CVE-2016-20072 |
|
SQL Injection in wordpress (CVE-2016-20072)
SQL injection in wordpress (CVE-2016-20072). Confidential information can be exposed externally.
|
| CVE-2016-20071 |
|
SQL Injection in wordpress (CVE-2016-20071)
SQL injection in wordpress (CVE-2016-20071). Confidential information can be exposed externally.
|
| CVE-2016-20069 |
|
SQL Injection in wordpress (CVE-2016-20069)
SQL injection in wordpress (CVE-2016-20069). Confidential information can be exposed externally.
|
| CVE-2016-20068 |
|
SQL Injection in wordpress (CVE-2016-20068)
SQL injection in wordpress (CVE-2016-20068). Confidential information can be exposed externally.
|
| CVE-2016-20066 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-20066)
cross-site scripting in wordpress (CVE-2016-20066). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5513 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5513)
cross-site scripting in wordpress (CVE-2026-5513). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9109 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9109)
cross-site scripting in wordpress (CVE-2026-9109). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9848 |
|
SQL Injection in wordpress (CVE-2026-9848)
SQL injection in wordpress (CVE-2026-9848). Confidential information can be exposed externally. Exploitable via ``posts_request``.
|
| CVE-2026-46697 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
|
| CVE-2026-10795 |
|
Vulnerability in wordpress (CVE-2026-10795)
vulnerability in wordpress (CVE-2026-10795). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3018 |
|
SQL Injection in wordpress (CVE-2026-3018)
SQL injection in wordpress (CVE-2026-3018). Confidential information can be exposed externally.
|
| CVE-2026-8071 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8071)
cross-site scripting in wordpress (CVE-2026-8071). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3326 |
|
SQL Injection in wordpress (CVE-2026-3326)
SQL injection in wordpress (CVE-2026-3326). Confidential information can be exposed externally.
|
| CVE-2017-20250 |
|
Path Traversal in wordpress (CVE-2017-20250)
path traversal in wordpress (CVE-2017-20250). Confidential information can be exposed externally.
|
| CVE-2017-20247 |
|
SQL Injection in wordpress (CVE-2017-20247)
SQL injection in wordpress (CVE-2017-20247). Confidential information can be exposed externally.
|
| CVE-2017-20246 |
|
SQL Injection in wordpress (CVE-2017-20246)
SQL injection in wordpress (CVE-2017-20246). Confidential information can be exposed externally.
|
| CVE-2017-20245 |
|
SQL Injection in wordpress (CVE-2017-20245)
SQL injection in wordpress (CVE-2017-20245). Confidential information can be exposed externally.
|
| CVE-2017-20244 |
|
SQL Injection in wordpress (CVE-2017-20244)
SQL injection in wordpress (CVE-2017-20244). Confidential information can be exposed externally.
|
| CVE-2017-20243 |
|
SQL Injection in wordpress (CVE-2017-20243)
SQL injection in wordpress (CVE-2017-20243). Confidential information can be exposed externally.
|
| CVE-2016-20065 |
|
SQL Injection in wordpress (CVE-2016-20065)
SQL injection in wordpress (CVE-2016-20065). Confidential information can be exposed externally.
|
| CVE-2016-20062 |
|
SQL Injection in wordpress (CVE-2016-20062)
SQL injection in wordpress (CVE-2016-20062). Confidential information can be exposed externally.
|
| CVE-2026-8365 |
|
Unsafe Deserialization in wordpress (CVE-2026-8365)
vulnerability in wordpress (CVE-2026-8365). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11616 |
|
Privilege Escalation in wordpress (CVE-2026-11616)
vulnerability in wordpress (CVE-2026-11616). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9662 |
|
Vulnerability in wordpress (CVE-2026-9662)
vulnerability in wordpress (CVE-2026-9662). Successful exploitation can lead to full system takeover. Exploitable via ``tpf``.
|
| CVE-2026-9185 |
|
Vulnerability in wordpress (CVE-2026-9185)
vulnerability in wordpress (CVE-2026-9185). Confidential information can be exposed externally. Exploitable via ``userId``.
|
| CVE-2026-7556 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7556)
cross-site scripting in wordpress (CVE-2026-7556). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-54350 |
|
Vulnerability in c (CVE-2023-54350)
vulnerability in c (CVE-2023-54350). Confidential information can be exposed externally.
|