WordPress Exploited Vulnerabilities
Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.
Vulnerability Published:
๐๏ธ Published
- Anytime
Sort By:
๐๏ธ Published Date
- Descending
Access Control Flaw in BuddyPress Docs Plugin
CVE-2025-5526WordPressBuddypress Docs๐พ๐กStored Cross-Site Scripting in WP Map Block WordPress Plugin
CVE-2025-5194WordPressWP Map Block๐พ๐กStored Cross-Site Scripting Vulnerability in Responsive Lightbox & Gallery Plugin by WordPress
CVE-2025-5093WordPressResponsive Lightbox & ...๐พ๐ก5.4MEDIUMStored Cross-Site Scripting Vulnerability in Firelight Lightbox Plugin for WordPress
CVE-2025-5035WordPressFirelight Lightbox๐พ๐ก5.4MEDIUMSQL Injection vulnerability in TI WooCommerce Wishlist
CVE-2024-43917WordPressTi WooCommerce Wishlist๐พ๐กEPSS 82%9.8CRITICALArbitrary File Upload Vulnerability in ZoomSounds Plugin by WordPress
CVE-2021-4457WordPressZoomsounds๐พ๐กArbitrary File Upload Vulnerability in Drag and Drop Multiple File Upload for Contact Form 7 by WordPress
CVE-2025-3515WordPressDrag And Drop Multiple...๐พ๐ก8.1HIGHReflected Cross-Site Scripting in wp-file-download Plugin by WordPress
CVE-2025-5034WordPressWP-file-download๐พ๐ก7.1HIGHCross-Site Scripting Vulnerability in Custom Post Carousels Plugin by WordPress
CVE-2025-5125WordPressCustom Post Carousels ...๐พ๐ก4.8MEDIUMArbitrary File Upload Vulnerability in Pixabay Images Plugin for WordPress
CVE-2025-4413WordPressPixabay Images๐พ๐ฐ8.8HIGHArbitrary File Upload Vulnerability in Ultra Addons for Contact Form 7 Plugin by WordPress
CVE-2025-6220WordPressUltra Addons For Conta...๐พ๐ก7.2HIGHStored Cross-site Scripting in Tarteaucitron.io Plugin for WordPress
CVE-2025-4955WordPressTarteaucitron.io๐พ๐ก4.7MEDIUMCross-Site Scripting Vulnerability in Ivory Search by WordPress
CVE-2025-5209WordPressIvory Search๐พ๐ก4.8MEDIUMSQL Injection Flaw in Likes and Dislikes Plugin for WordPress
CVE-2025-5287WordPressLikes And Dislikes Plugin๐พ๐กEPSS 14%7.5HIGHData Modification Vulnerability in HyperComments Plugin for WordPress
CVE-2025-5701WordPressHypercomments๐พ๐ก9.8CRITICALPrivilege Escalation in Real Estate WordPress Theme by Inspyre
CVE-2025-4601WordPressRh - Real Estate WordP...๐พ๐ก8.8HIGHFile Upload Vulnerability in Axle Demo Importer Plugin by WordPress
CVE-2025-4954WordPressAxle Demo Importer๐พ๐ก8.8HIGHSQL Injection Risk in Inprosysmedia Likes Dislikes Post Plugin for WordPress
CVE-2025-4840WordPressInprosysmedia-likes-di...๐พ๐ก7.5HIGHUnauthorized Data Access in File Away Plugin for WordPress
CVE-2025-2539WordPressFile Away๐พ๐กEPSS 10%7.5HIGHReflected Cross-Site Scripting in Broadstreet WordPress Plugin
CVE-2025-4652WordPressBroadstreet๐พ๐ก6.1MEDIUMStored Cross-Site Scripting Vulnerability in Newsletter WordPress Plugin
CVE-2025-3582WordPressNewsletter๐พ๐ก4.8MEDIUMStored Cross-Site Scripting in Newsletter WordPress Plugin by WordPress
CVE-2025-3581WordPressNewsletter๐พ๐ก4.8MEDIUMSQL Injection Vulnerability in Short URL Plugin for WordPress
CVE-2023-2921WordPressShort Url๐พ๐ก8.8HIGHArbitrary File Read Vulnerability in Eventin Plugin for WordPress
CVE-2025-3419WordPressEvent Manager, Events ...๐พ๐ก7.5HIGHCSRF Vulnerability in File Provider Plugin for WordPress by Unknown Vendor
CVE-2025-4580WordPressFile Provider๐พ๐ก4.3MEDIUM