Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cms Clear
ID Title
CVE-2026-58480 Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary...
Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary...
CVE-2026-12153 Vulnerability in wordpress (CVE-2026-12153)
vulnerability in wordpress (CVE-2026-12153). Successful exploitation can lead to full system takeover.
CVE-2026-9701 Vulnerability in wordpress (CVE-2026-9701)
vulnerability in wordpress (CVE-2026-9701). Successful exploitation can lead to full system takeover. Exploitable via ``eventer_verification_code``.
CVE-2026-14487 Path Traversal in wordpress (CVE-2026-14487)
path traversal in wordpress (CVE-2026-14487). Data can be tampered with by attackers.
CVE-2026-12375 Vulnerability in wordpress (CVE-2026-12375)
vulnerability in wordpress (CVE-2026-12375). Successful exploitation can lead to full system takeover.
CVE-2026-14345 Unrestricted File Upload in wordpress (CVE-2026-14345)
vulnerability in wordpress (CVE-2026-14345). Successful exploitation can lead to full system takeover.
CVE-2026-4375 Vulnerability in wordpress (CVE-2026-4375)
vulnerability in wordpress (CVE-2026-4375). Successful exploitation can lead to full system takeover.
CVE-2026-6382 Vulnerability in wordpress (CVE-2026-6382)
vulnerability in wordpress (CVE-2026-6382). Successful exploitation can lead to full system takeover.
CVE-2026-9725 Path Traversal in wordpress (CVE-2026-9725)
path traversal in wordpress (CVE-2026-9725). Data can be tampered with by attackers.
CVE-2026-5524 Unrestricted File Upload in wordpress (CVE-2026-5524)
vulnerability in wordpress (CVE-2026-5524). Successful exploitation can lead to full system takeover.
CVE-2026-11387 Authentication Bypass in wordpress (CVE-2026-11387)
authentication bypass in wordpress (CVE-2026-11387). Successful exploitation can lead to full system takeover.
CVE-2026-6070 Vulnerability in wordpress (CVE-2026-6070)
vulnerability in wordpress (CVE-2026-6070). Data can be tampered with by attackers.
CVE-2026-9711 SQL Injection in wordpress (CVE-2026-9711)
SQL injection in wordpress (CVE-2026-9711). Successful exploitation can lead to full system takeover.
CVE-2026-12073 Vulnerability in wordpress (CVE-2026-12073)
vulnerability in wordpress (CVE-2026-12073). Successful exploitation can lead to full system takeover. Exploitable via ``user_login``.
CVE-2026-12415 Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
CVE-2026-12417 Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
CVE-2026-12416 Vulnerability in wordpress (CVE-2026-12416)
vulnerability in wordpress (CVE-2026-12416). Successful exploitation can lead to full system takeover. Exploitable via ``reset_activation_code``.
CVE-2019-25763 Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
CVE-2026-11551 Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
CVE-2026-8713 Path Traversal in wordpress (CVE-2026-8713)
path traversal in wordpress (CVE-2026-8713). Data can be tampered with by attackers.
CVE-2026-7515 Vulnerability in wordpress (CVE-2026-7515)
vulnerability in wordpress (CVE-2026-7515). Successful exploitation can lead to full system takeover. Exploitable via ``doc_style``.
CVE-2026-25470 Code Injection in wordpress (CVE-2026-25470)
code injection in wordpress (CVE-2026-25470). Successful exploitation can lead to full system takeover.
CVE-2025-69129 Unrestricted File Upload in wordpress (CVE-2025-69129)
vulnerability in wordpress (CVE-2025-69129). Successful exploitation can lead to full system takeover.
CVE-2026-52715 Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
CVE-2026-49776 SQL Injection in wordpress (CVE-2026-49776)
SQL injection in wordpress (CVE-2026-49776). Confidential information can be exposed externally.
CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
CVE-2018-25436 Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
CVE-2026-8935 Vulnerability in wordpress (CVE-2026-8935)
vulnerability in wordpress (CVE-2026-8935). Successful exploitation can lead to full system takeover.
CVE-2026-47365 Vulnerability in wordpress (CVE-2026-47365)
vulnerability in wordpress (CVE-2026-47365). Successful exploitation can lead to full system takeover.
CVE-2025-6254 Privilege Escalation in wordpress (CVE-2025-6254)
vulnerability in wordpress (CVE-2025-6254). Successful exploitation can lead to full system takeover.
CVE-2026-9067 Unrestricted File Upload in wordpress (CVE-2026-9067)
vulnerability in wordpress (CVE-2026-9067). Confidential information can be exposed externally.
CVE-2017-20251 Code Injection in wordpress (CVE-2017-20251)
code injection in wordpress (CVE-2017-20251). Successful exploitation can lead to full system takeover.
CVE-2024-58348 Unrestricted File Upload in wordpress (CVE-2024-58348)
vulnerability in wordpress (CVE-2024-58348). Successful exploitation can lead to full system takeover.
CVE-2023-54352 Vulnerability in wordpress (CVE-2023-54352)
vulnerability in wordpress (CVE-2023-54352). Successful exploitation can lead to full system takeover.
CVE-2024-58349 Unrestricted File Upload in wordpress (CVE-2024-58349)
vulnerability in wordpress (CVE-2024-58349). Successful exploitation can lead to full system takeover.
CVE-2026-10580 Vulnerability in wordpress (CVE-2026-10580)
vulnerability in wordpress (CVE-2026-10580). Successful exploitation can lead to full system takeover.
CVE-2019-25738 Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
CVE-2019-25727 Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
CVE-2026-5076 Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
CVE-2026-8206 Privilege Escalation in wordpress (CVE-2026-8206)
vulnerability in wordpress (CVE-2026-8206). Successful exploitation can lead to full system takeover.
CVE-2026-4290 Vulnerability in wordpress (CVE-2026-4290)
vulnerability in wordpress (CVE-2026-4290). Data can be tampered with by attackers.
CVE-2026-3655 Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
CVE-2026-8732 Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
CVE-2026-8809 Privilege Escalation in wordpress (CVE-2026-8809)
vulnerability in wordpress (CVE-2026-8809). Successful exploitation can lead to full system takeover.
CVE-2026-8760 Vulnerability in wordpress (CVE-2026-8760)
vulnerability in wordpress (CVE-2026-8760). Successful exploitation can lead to full system takeover.
CVE-2026-48904 Vulnerability in joomla (CVE-2026-48904)
vulnerability in joomla (CVE-2026-48904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
CVE-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
CVE-2026-48902 Vulnerability in joomla (CVE-2026-48902)
vulnerability in joomla (CVE-2026-48902). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
CVE-2026-40383 Joomla! Core - [20260509] - LFI in HTMLView layout parameter
Joomla! Core - [20260509] - LFI in HTMLView layout parameter

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →