WordPress Exploited Vulnerabilities

Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.

JSON RSS CSV 🔔 Create Alert Trigger

Stored Cross-Site Scripting in IndieWeb Plugin for WordPress
CVE-2025-14893
WordPressIndieweb👾🟡6.4MEDIUM
Stored Cross-Site Scripting in Contact List Plugin for WordPress
CVE-2026-3516
WordPressContact List – Online ...👾🟡6.4MEDIUM
Insecure Direct Object References in Tutor LMS Plugin for WordPress
CVE-2026-1375
WordPressTutor Lms – Elearning ...👾🟡8.1HIGH
Authorization Flaw in MyRewards Loyalty Points Plugin for WooCommerce
CVE-2025-15260
WordPressMyrewards👾🟡6.5MEDIUM
Improper Access Control in ActivityPub Plugin for WordPress
CVE-2026-4338
WordPressActivitypub👾🟡7.5HIGH
Reflected Cross-Site Scripting Vulnerability in Gravity Forms Plugin for WordPress
CVE-2026-4406
WordPressGravity Forms👾🟡4.7MEDIUM
Unauthenticated Settings Update Vulnerability in Link Whisper Free Plugin by WordPress
CVE-2026-1900
WordPressLink Whisper Free👾🟡6.5MEDIUM
SQL Injection Vulnerability in SQL Chart Builder Plugin by WordPress
CVE-2026-4079
WordPressSql Chart Builder👾🟡6.5MEDIUM
Cross-Site Request Forgery Vulnerability in Popup Box Plugin for WordPress
CVE-2025-15611
WordPressPopup Box👾🟡5.4MEDIUM
Privilege Escalation Vulnerability in Service Finder Booking by Aonetheme
CVE-2025-23970
WordPressService Finder Booking👾🟡9.8CRITICAL
Remote Code Execution in Spam Protect for Contact Form 7 Plugin by WordPress
CVE-2026-1540
WordPressSpam Protect For Conta...👾🟡7.2HIGH
Security Flaw in Export All URLs Plugin for WordPress
CVE-2026-2696
WordPressExport All Urls👾🟡5.3MEDIUM
Authentication Bypass in Order Notification for WooCommerce Plugin by WordPress
CVE-2025-15484
WordPressOrder Notification For...👾🟡9.1CRITICAL
Security Flaw in Performance Monitor Plugin for WordPress
CVE-2026-3881
WordPressPerformance Monitor👾🟡5.8MEDIUM
Unauthorized Image File Upload in EventPrime Plugin for WordPress
CVE-2026-1657
WordPressEventprime – Events Ca...👾🟡5.3MEDIUM
Privilege Escalation in Restaurant Cafeteria Theme by WordPress
CVE-2025-15445
WordPressRestaurant Cafeteria👾🟡5.4MEDIUM
SQL Injection Vulnerability in Business Directory Plugin for WordPress
CVE-2026-2576
WordPressBusiness Directory Plu...👾🟡7.5HIGH
Stored Cross-Site Scripting in WP Lightbox 2 Plugin by WordPress
CVE-2026-1430
WordPressWP Lightbox 2👾🟡4.8MEDIUM
Unauthorized Data Modification in LeadConnector Plugin by LeadConnector
CVE-2026-1890
WordPressLeadconnector👾🟡5.3MEDIUM
Arbitrary Shortcode Execution in Responsive Plus Plugin for WordPress
CVE-2025-15488
WordPressResponsive Plus👾🟡6.5MEDIUM
Path Traversal Vulnerability in Shared Files Plugin by WordPress
CVE-2025-15433
WordPressShared Files👾🟡6.8MEDIUM
Remote Code Execution Vulnerability in Kali Forms Plugin for WordPress
CVE-2026-3584
WordPressKali Forms — Contact F...👾🟡9.8CRITICAL
Information Disclosure Vulnerability in PeproDev Ultimate Invoice Plugin for WordPress
CVE-2026-2343
WordPressPeprodev Ultimate Invoice👾🟡5.3MEDIUM
File Upload Vulnerability in trx_addons Plugin by WordPress
CVE-2026-1969
WordPressTrx Addons👾🟡5.3MEDIUM
Stored Cross-Site Scripting Vulnerability in Meta-box GalleryMeta Plugin for WordPress
CVE-2026-1302
WordPressMeta-box Gallerymeta👾🟡4.4MEDIUM

WordPress Exploited Vulnerabilities

Vulnerability Published:

Sort By:

Stored Cross-Site Scripting in IndieWeb Plugin for WordPress

Stored Cross-Site Scripting in Contact List Plugin for WordPress

Insecure Direct Object References in Tutor LMS Plugin for WordPress

Authorization Flaw in MyRewards Loyalty Points Plugin for WooCommerce

Improper Access Control in ActivityPub Plugin for WordPress

Reflected Cross-Site Scripting Vulnerability in Gravity Forms Plugin for WordPress

Unauthenticated Settings Update Vulnerability in Link Whisper Free Plugin by WordPress

SQL Injection Vulnerability in SQL Chart Builder Plugin by WordPress

Cross-Site Request Forgery Vulnerability in Popup Box Plugin for WordPress

Privilege Escalation Vulnerability in Service Finder Booking by Aonetheme

Remote Code Execution in Spam Protect for Contact Form 7 Plugin by WordPress

Security Flaw in Export All URLs Plugin for WordPress

Authentication Bypass in Order Notification for WooCommerce Plugin by WordPress

Security Flaw in Performance Monitor Plugin for WordPress

Unauthorized Image File Upload in EventPrime Plugin for WordPress

Privilege Escalation in Restaurant Cafeteria Theme by WordPress

SQL Injection Vulnerability in Business Directory Plugin for WordPress

Stored Cross-Site Scripting in WP Lightbox 2 Plugin by WordPress

Unauthorized Data Modification in LeadConnector Plugin by LeadConnector

Arbitrary Shortcode Execution in Responsive Plus Plugin for WordPress

Path Traversal Vulnerability in Shared Files Plugin by WordPress

Remote Code Execution Vulnerability in Kali Forms Plugin for WordPress

Information Disclosure Vulnerability in PeproDev Ultimate Invoice Plugin for WordPress

File Upload Vulnerability in trx_addons Plugin by WordPress

Stored Cross-Site Scripting Vulnerability in Meta-box GalleryMeta Plugin for WordPress