WordPress Exploited Vulnerabilities
Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Unauthenticated File Upload Vulnerability in WP-Property Plugin for WordPress
CVE-2012-10027WordPressWordPress PluginπΎπ‘9.3CRITICALArbitrary File Upload Vulnerability in Asset-Manager Plugin for WordPress
CVE-2012-10026WordPressWordPress PluginπΎπ‘10CRITICALRemote File Inclusion in Advanced Custom Fields Plugin Affects WordPress Vendor
CVE-2012-10025WordPressWordPress PluginπΎπ‘10CRITICALPrivilege Escalation in Sala - Startup & SaaS WordPress Theme by WordPress
CVE-2025-4606WordPressSala - Startup & Saas ...πΎπ‘9.8CRITICALArbitrary File Upload Vulnerability in AI Engine Plugin for WordPress
CVE-2025-7847WordPressAi EngineπΎπ‘8.8HIGHReflected Cross-Site Scripting Vulnerability in SureForms Plugin for WordPress
CVE-2025-5921WordPressSureformsπΎπ‘5.8MEDIUMArbitrary File Upload Vulnerability in Alone Charity Theme for WordPress
CVE-2025-5394WordPressAlone β Charity Multip...π₯ππ°πΎπ‘π°9.8CRITICALReflected Cross-Site Scripting Vulnerability in My Reservation System Plugin for WordPress
CVE-2025-7022WordPressMy Reservation SystemπΎπ‘6.1MEDIUMReflected Cross-Site Scripting in Qwizcards Plugin by WordPress
CVE-2025-6174WordPressQwizcards | Online Qui...πΎπ‘6.1MEDIUMUnauthorized File Upload and Deletion in Ajax Load More Plugin by WordPress
CVE-2015-10140WordPressAjax Load MoreπΎπ‘8.8HIGHUser Enumeration Bypass in Stop User Enumeration Plugin for WordPress
CVE-2025-4302WordPressStop User EnumerationπΎπ‘5.3MEDIUMArbitrary File Upload Vulnerability in HT Contact Form Widget for Elementor Page Builder
CVE-2025-7340WordPressHt Contact Form Widget...πΎπ‘9.8CRITICALStored Cross-Site Scripting Vulnerability in GeoDirectory Plugin for WordPress
CVE-2025-6200WordPressGeodirectoryπΎπ‘5.9MEDIUMArbitrary Post Title Disclosure in Order Delivery Date WordPress Plugin by WordPress
CVE-2025-2942WordPressOrder Delivery DateπΎπ‘4.3MEDIUMStored Cross-Site Scripting Vulnerability in Hostel Plugin by WordPress
CVE-2025-6236WordPressHostelπΎπ‘4.8MEDIUMReflected Cross-Site Scripting Vulnerability in Hostel Plugin by WordPress
CVE-2025-6234WordPressHostelπΎπ‘6.1MEDIUMSQL Injection Vulnerability in Events Manager Plugin for WordPress
CVE-2025-6970WordPressEvents Manager β Calen...πΎπ‘EPSS 14%7.5HIGHAuthentication Bypass in WordPress Pie Register Plugin
CVE-2025-34077WordPressWordPress Pie Register...πΎπ‘EPSS 16%10CRITICALCross-site Scripting Vulnerability in Melipayamak by Melipayamak
CVE-2025-30940WordPressMelipayamakπΎπ°5.9MEDIUMCross-Site Request Forgery Vulnerability in 07FLYCMS and Related Products
CVE-2025-7078WordPress07flycmsπΎπ‘5.3MEDIUMImproper Access Control in Sharable Password Protected Posts by WordPress
CVE-2025-5920WordPressSharable Password Prot...πΎπ‘7.5HIGHUnrestricted File Upload Vulnerability in AiBud WP Plugin
CVE-2025-23968WordPressAibud WPπΎπ‘9.1CRITICALPrivilege Escalation Vulnerability in Opal Estate Pro Plugin for WordPress
CVE-2025-6934WordPressOpal Estate Pro β Prop...πΎπ‘9.8CRITICALArbitrary File Deletion in Forminator Forms Plugin for WordPress
CVE-2025-6463WordPressForminator Forms β Con...πΎπ°8.8HIGHXSS Vulnerability in WP Lightbox 2 Plugin by WordPress
CVE-2025-3745WordPressWP Lightbox 2πΎπ‘6.3MEDIUM