WordPress Exploited Vulnerabilities
Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.
Vulnerability Published:
🗓️ Published
- Anytime
Sort By:
🗓️ Published Date
- Descending
PHP Object Injection Vulnerability in Super Stage WP WordPress Plugin
CVE-2026-1542WordPressSuper Stage WP👾🟡Stored Cross-Site Scripting Vulnerability in Essential Addons for Elementor Plugin by WordPress
CVE-2026-1512WordPressEssential Addons For E...👾🟡6.4MEDIUMUnauthenticated Stored XSS Vulnerability in Responsive Lightbox & Gallery Plugin by WordPress
CVE-2025-15386WordPressResponsive Lightbox & ...👾🟡8.8HIGHOpen Redirect Vulnerability in Conditional CAPTCHA WordPress Plugin
CVE-2026-1369WordPressConditional Captcha👾🟡4.3MEDIUMAJAX Handler Vulnerability in Video Conferencing Plugin for WordPress by Zoom
CVE-2026-1368WordPressVideo Conferencing Wit...👾🟡7.5HIGHUnauthenticated Email Relay and File Access Vulnerability in Frontend File Manager by WordPress
CVE-2026-0829WordPressFrontend File Manager ...👾🟡5.8MEDIUMImproper Capability Checks in RegistrationMagic WordPress Plugin
CVE-2026-0929WordPressRegistrationmagic👾🟡4.3MEDIUMUnauthenticated Arbitrary File Upload in WPvivid Backup & Migration Plugin by WordPress
CVE-2026-1357WordPressMigration, Backup, Sta...👾🟡9.8CRITICALData Exposure Vulnerability in RegistrationMagic Plugin for WordPress
CVE-2025-15520WordPressRegistrationmagic👾🟡4.3MEDIUMAuthentication Bypass Vulnerability in AdForest Theme by WordPress
CVE-2026-1729WordPressAdforest👾🟡9.8CRITICALUnauthorized Access Vulnerability in Prime Listing Manager Plugin for WordPress
CVE-2025-14892WordPressPrime Listing Manager👾🟡9.8CRITICALPersistent Cross-Site Scripting in Duplicate Post Plugin by WordPress
CVE-2019-25314WordPressDuplicate-post👾🟡4.8MEDIUMPersistent Cross-Site Scripting Flaw in WordPress Server Log Viewer
CVE-2019-25315WordPressWP Server Log Viewer👾🟡5.1MEDIUMLocal File Inclusion Vulnerability in SportsPress Plugin for WordPress
CVE-2025-15368WordPressSportspress – Sports C...👾🟡8.8HIGHPHP Object Injection Vulnerability in WP eCommerce Plugin
CVE-2026-1235WordPressWP Ecommerce👾🟡6.5MEDIUMUnauthorized AJAX Action Vulnerability in Pix for Woocommerce Plugin by WordPress
CVE-2025-15400WordPressPix Para WooCommerce👾🟡6.5MEDIUMLocal File Inclusion Vulnerability in Post Slides WordPress Plugin
CVE-2025-15491WordPressPost Slides👾🟡5.5MEDIUMCSRF Vulnerability in Five Star Restaurant Reservations Plugin for WordPress
CVE-2026-0658WordPressFive Star Restaurant R...👾🟡4.3MEDIUMReflected Cross-Site Scripting Vulnerability in Library Viewer WordPress Plugin
CVE-2025-15396WordPressLibrary Viewer👾🟡7.1HIGHUser Profile Builder Plugin Vulnerability in WordPress
CVE-2025-15030WordPressUser Profile Builder👾🟡9.8CRITICALPersistent Cross-Site Scripting in Stripe Green Downloads Plugin for WordPress
CVE-2022-50797WordPressStripe Green Downloads👾🟡5.1MEDIUMWeak Password Reset Mechanism in Custom Login Page Customizer for WordPress
CVE-2025-14975WordPressCustom Login Page Cust...👾🟡8.1HIGHAdministrative User Creation Vulnerability in LA-Studio Element Kit for Elementor Plugin
CVE-2026-0920WordPressLa-studio Element Kit ...👾🟡9.8CRITICALArbitrary File Deletion Vulnerability in Snow Monkey Forms Plugin by WordPress
CVE-2026-1056WordPressSnow Monkey Forms👾🟡9.8CRITICALArbitrary Options Manipulation in User Activity Log Plugin by WordPress
CVE-2025-13471WordPressUser Activity Log👾🟡5.3MEDIUM