Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cms Tag: privilege-escalation Clear
ID Title
CVE-2026-14250 Privilege Escalation in wordpress (CVE-2026-14250)
vulnerability in wordpress (CVE-2026-14250). Risk of unauthorized operations or information disclosure.
CVE-2026-9842 Privilege Escalation in wordpress (CVE-2026-9842)
vulnerability in wordpress (CVE-2026-9842). Data can be tampered with by attackers. Exploitable via ``manage_options``.
CVE-2026-14482 Privilege Escalation in wordpress (CVE-2026-14482)
vulnerability in wordpress (CVE-2026-14482). Successful exploitation can lead to full system takeover. Exploitable via ``update_option``.
CVE-2026-13228 Privilege Escalation in wordpress (CVE-2026-13228)
vulnerability in wordpress (CVE-2026-13228). Successful exploitation can lead to full system takeover.
CVE-2026-11387 Authentication Bypass in wordpress (CVE-2026-11387)
authentication bypass in wordpress (CVE-2026-11387). Successful exploitation can lead to full system takeover.
CVE-2026-12224 Privilege Escalation in wordpress (CVE-2026-12224)
vulnerability in wordpress (CVE-2026-12224). Successful exploitation can lead to full system takeover.
CVE-2026-12073 Vulnerability in wordpress (CVE-2026-12073)
vulnerability in wordpress (CVE-2026-12073). Successful exploitation can lead to full system takeover. Exploitable via ``user_login``.
CVE-2026-12415 Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
CVE-2026-4297 Vulnerability in wordpress (CVE-2026-4297)
vulnerability in wordpress (CVE-2026-4297). Successful exploitation can lead to full system takeover.
CVE-2026-12417 Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
CVE-2026-11551 Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
CVE-2026-12165 Privilege Escalation in wordpress (CVE-2026-12165)
vulnerability in wordpress (CVE-2026-12165). Successful exploitation can lead to full system takeover. Exploitable via ``RegistryUserRole``.
CVE-2026-8176 Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
CVE-2016-20084 Cross-Site Scripting (XSS) in wordpress (CVE-2016-20084)
cross-site scripting in wordpress (CVE-2016-20084). Risk of unauthorized operations or information disclosure.
CVE-2016-20070 Cross-Site Scripting (XSS) in wordpress (CVE-2016-20070)
cross-site scripting in wordpress (CVE-2016-20070). Risk of unauthorized operations or information disclosure.
CVE-2025-6254 Privilege Escalation in wordpress (CVE-2025-6254)
vulnerability in wordpress (CVE-2025-6254). Successful exploitation can lead to full system takeover.
CVE-2026-11616 Privilege Escalation in wordpress (CVE-2026-11616)
vulnerability in wordpress (CVE-2026-11616). Successful exploitation can lead to full system takeover.
CVE-2026-9851 Vulnerability in wordpress (CVE-2026-9851)
vulnerability in wordpress (CVE-2026-9851). Successful exploitation can lead to full system takeover.
CVE-2026-8206 Privilege Escalation in wordpress (CVE-2026-8206)
vulnerability in wordpress (CVE-2026-8206). Successful exploitation can lead to full system takeover.
CVE-2026-8732 Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
CVE-2026-5343 Vulnerability in drupal (CVE-2026-5343)
vulnerability in drupal (CVE-2026-5343). Confidential information can be exposed externally.
CVE-2026-8809 Privilege Escalation in wordpress (CVE-2026-8809)
vulnerability in wordpress (CVE-2026-8809). Successful exploitation can lead to full system takeover.
CVE-2026-6226 Privilege Escalation in wordpress (CVE-2026-6226)
vulnerability in wordpress (CVE-2026-6226). Successful exploitation can lead to full system takeover.
CVE-2026-8787 Privilege Escalation in wordpress (CVE-2026-8787)
vulnerability in wordpress (CVE-2026-8787). Successful exploitation can lead to full system takeover. Exploitable via ``user_email``.
CVE-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
CVE-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
CVE-2026-6895 Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
CVE-2026-6419 Privilege Escalation in wordpress (CVE-2026-6419)
vulnerability in wordpress (CVE-2026-6419). Successful exploitation can lead to full system takeover.
CVE-2026-9018 Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
CVE-2026-5118 Privilege Escalation in wordpress (CVE-2026-5118)
vulnerability in wordpress (CVE-2026-5118). Successful exploitation can lead to full system takeover.
CVE-2026-7467 Privilege Escalation in wordpress (CVE-2026-7467)
vulnerability in wordpress (CVE-2026-7467). Successful exploitation can lead to full system takeover.
CVE-2026-7284 Privilege Escalation in wordpress (CVE-2026-7284)
vulnerability in wordpress (CVE-2026-7284). Successful exploitation can lead to full system takeover.
CVE-2026-6456 Authentication Bypass in wordpress (CVE-2026-6456)
authentication bypass in wordpress (CVE-2026-6456). Successful exploitation can lead to full system takeover. Exploitable via ``rememberLogin``.
CVE-2026-8719 Privilege Escalation in wordpress (CVE-2026-8719)
vulnerability in wordpress (CVE-2026-8719). Successful exploitation can lead to full system takeover.
CVE-2026-6228 Privilege Escalation in wordpress (CVE-2026-6228)
vulnerability in wordpress (CVE-2026-6228). Successful exploitation can lead to full system takeover.
CVE-2026-6510 Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
CVE-2026-6506 Vulnerability in wordpress (CVE-2026-6506)
vulnerability in wordpress (CVE-2026-6506). Successful exploitation can lead to full system takeover.
CVE-2026-5193 Privilege Escalation in wordpress (CVE-2026-5193)
vulnerability in wordpress (CVE-2026-5193). Data can be tampered with by attackers.
CVE-2026-8181 Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2021-47932 Vulnerability in wordpress (CVE-2021-47932)
vulnerability in wordpress (CVE-2021-47932). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →