WordPress Exploited Vulnerabilities
WordPress vulnerabilities known to be exploited over the past 365 days, sorted by exploit discovery date.

Privilege Escalation Vulnerability in Advanced Custom Fields: Extended Plugin for WordPress
CVE-2026-8809 | WordPress | Advanced Custom Fields... | 9.8 CRITICAL

Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter
CVE-2026-9269 | WordPress | Secure Copy Content Pr... | 3.5 LOW

UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
CVE-2026-10795 | WordPress | Updraftplus: WP Backup... | 8.1 HIGH

Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload
CVE-2026-9067 | WordPress | Schema & Structured Da... | 9.1 CRITICAL

Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass
CVE-2026-8071 | WordPress | Anti-spam By Cleantalk... | 8.8 HIGH

Agile Store Locator < 1.6.6 - Admin+ Stored XSS via map_style
CVE-2026-9060 | WordPress | Store Locator WordPress | 3.5 LOW

XStore < 9.7.3 - Unauthenticated SQLi
CVE-2026-3326 | WordPress | Xstore | 8.6 HIGH

WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API
CVE-2017-20251 | WordPress | Woody Code Snippets | 9.3 CRITICAL

WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download
CVE-2017-20250 | WordPress | Mac Photo Gallery | 8.7 HIGH

WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
CVE-2017-20248 | WordPress | Apptha Slider Gallery | 8.7 HIGH

WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection
CVE-2017-20249 | WordPress | Apptha Slider Gallery | 8.8 HIGH

WordPress Plugin PICA Photo Gallery 1.0 SQL Injection
CVE-2017-20247 | WordPress | Pica Photo Gallery | 8.8 HIGH

KittyCatfish 2.2 Plugin for WordPress SQL Injection
CVE-2017-20246 | WordPress | Kittycatfish | 8.8 HIGH

Wow Forms WordPress Plugin 2.1 SQL Injection
CVE-2017-20244 | WordPress | Wow Forms | 8.8 HIGH

Wow Viral Signups 2.1 WordPress Plugin SQL Injection
CVE-2017-20245 | WordPress | Wow Viral Signups | 8.8 HIGH

WordPress Car Park Booking Plugin SQL Injection via space_id
CVE-2017-20243 | WordPress | Car Park Booking System | 8.8 HIGH

Product Catalog 8 1.2 Plugin WordPress SQL Injection
CVE-2016-20065 | WordPress | Product Catalog 8 | 8.8 HIGH

Single Personal Message 1.0.3 WordPress Plugin SQL Injection
CVE-2016-20063 | WordPress | Single Personal Message | 7.1 HIGH

Simply Poll 1.4.1 Plugin for WordPress SQL Injection
CVE-2016-20062 | WordPress | Simply Poll | 8.8 HIGH

Lazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML
CVE-2026-8981 | WordPress | Custom Block Builder | 3.5 LOW

WPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery
CVE-2026-4986 | WordPress | WPforms | 5.3 MEDIUM

WordPress Theme Travelscape 1.0.3 Arbitrary File Upload
CVE-2024-58349 | WordPress | Travelscape | 9.3 CRITICAL

WordPress Background Image Cropper 1.2 Remote Code Execution
CVE-2024-58348 | WordPress | Background Image Cropper | 9.3 CRITICAL

WordPress Sonaar Music Plugin 4.7 Stored XSS via Comments
CVE-2023-54351 | WordPress | Sonaar Music Plugin | 5.1 MEDIUM

WordPress Seotheme Remote Code Execution Unauthenticated
CVE-2023-54352 | WordPress | Travelscape | 9.3 CRITICAL