WordPress Exploited Vulnerabilities
Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.
Vulnerability Published:
🗓️ Published
- Anytime
Sort By:
🗓️ Published Date
- Descending
Authorization Bypass in Pure WC Variation Swatches Plugin by WordPress
CVE-2025-12820WordPressPure Wc Variation Swat...👾🟡SQL Injection Vulnerability in Themefic Hydra Booking Plugin
CVE-2025-68055WordPressHydra Booking👾🟡8.5HIGHRemote Code Execution in Ocean Modal Window WordPress Plugin
CVE-2025-13307WordPressOcean Modal Window👾🟡7.2HIGHStored Cross-Site Scripting Vulnerability in Omnipress Plugin for WordPress
CVE-2025-12163WordPressOmnipress👾🟡6.4MEDIUMReflected Cross-Site Scripting Vulnerability in URL Shortify Plugin for WordPress
CVE-2025-13355WordPressUrl Shortify👾🟡7.1HIGHReflected Cross Site Scripting in URL Shortify WordPress Plugin
CVE-2025-12684WordPressUrl Shortify👾🟡7.1HIGHUnauthorized File Upload Vulnerability in Royal Addons for Elementor by WordPress
CVE-2025-11363WordPressRoyal Addons For Eleme...👾🟡5.3MEDIUMAuthorization and CSRF Bypass in HelloLeads CRM Form Shortcode Plugin
CVE-2025-12696WordPressHelloleads Crm Form Sh...👾🟡5.3MEDIUMReflected Cross-Site Scripting Vulnerability in WPS Visitor Counter Plugin by WordPress
CVE-2025-9116WordPressWPs Visitor Counter Pl...👾🟡5.8MEDIUMFile Deletion Vulnerability in WooMulti WordPress Plugin by WooMulti
CVE-2025-12835WordPressWoomulti👾🟡7.3HIGHUnauthenticated Access in Bookit Plugin Leads to Payment Option Alterations
CVE-2025-12841WordPressBookit👾🟡5.3MEDIUMAuthorization Bypass and CSRF in Construction Light WordPress Theme
CVE-2025-10684WordPressConstruction Light👾🟡4.3MEDIUMReflected Cross-Site Scripting in HandL UTM Grabber / Tracker Plugin by WordPress
CVE-2025-13073WordPressHandl Utm Grabber / Tr...👾🟡7.1HIGHReflected Cross-Site Scripting Vulnerability in HandL UTM Grabber / Tracker Plugin
CVE-2025-13072WordPressHandl Utm Grabber / Tr...👾🟡7.1HIGHUnauthorized Modification Vulnerability in Frontend Admin Plugin by DynamiApps
CVE-2025-13342WordPressFrontend Admin By Dyna...👾🟡9.8CRITICALLocal File Inclusion Vulnerability in CSV to SortTable Plugin by WordPress
CVE-2025-13070WordPressCsv To Sorttable👾🟡6.6MEDIUMReflected Cross-Site Scripting in Custom Admin Menu Plugin for WordPress
CVE-2025-13071WordPressCustom Admin Menu👾🟡7.1HIGHStored Cross-Site Scripting Vulnerability in WPeMatico RSS Feed Fetcher by WordPress
CVE-2025-13031WordPressWPematico Rss Feed Fet...👾🟡5.9MEDIUMRemote Code Execution Vulnerability in Advanced Custom Fields Extended Plugin for WordPress
CVE-2025-13486WordPressAdvanced Custom Fields...👾🟡EPSS 71%9.8CRITICALPrivilege Escalation in King Addons for Elementor Plugin by WordPress
CVE-2025-8489WordPressKing Addons For Elemen...👾EPSS 48%📰9.8CRITICALArbitrary Event Disclosure in MotoPress Timetable and Event Schedule Plugin
CVE-2025-12954WordPressTimetable And Event Sc...👾🟡2.7LOWArbitrary Option Disclosure in Upload.am WordPress Plugin
CVE-2025-12630WordPressUpload.am👾🟡4.9MEDIUMUnauthorized Access in db-access Plugin for WordPress
CVE-2025-13000WordPressDb-access👾🟡7.7HIGHSQL Injection Vulnerability in Donation Plugin for WordPress
CVE-2025-13001WordPressDonation👾🟡4.1MEDIUMSQL Injection Vulnerability in TAX SERVICE Electronic HDM Plugin by WordPress
CVE-2025-12061WordPressTax Service Electronic...👾🟡8.6HIGH