WordPress Exploited Vulnerabilities
Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.
Vulnerability Published:
🗓️ Published
- Anytime
Sort By:
🗓️ Published Date
- Descending
Unauthenticated PHP Code Execution in AccessAlly WordPress Plugin
CVE-2020-36875WordPressAccessally👾🟡9.3CRITICALStored Cross-Site Scripting Vulnerability in NEX-Forms WordPress Plugin
CVE-2025-14803WordPressNex-forms👾🟡6.8MEDIUMInsecure Direct Object Reference in ACF to REST API Plugin for WordPress
CVE-2025-12030WordPressAcf To Rest Api👾🟡4.3MEDIUMSQL Injection Vulnerability in Relevanssi WordPress Plugin by Never5
CVE-2025-14719WordPressRelevanssi👾🟡4.9MEDIUMPath Traversal Vulnerability in Frontend File Manager for WordPress
CVE-2025-14804WordPressFrontend File Manager ...👾🟡7.7HIGHPrivilege Escalation Vulnerability in Branda Plugin for WordPress
CVE-2025-14998WordPressBranda – White Label &...👾🟡9.8CRITICALStored Cross-Site Scripting in FlexTable Plugin for WordPress by FlexSoft
CVE-2025-9543WordPressFlextable👾🟡3.5LOWSQL Injection Vulnerability in Team WordPress Plugin
CVE-2025-14124WordPressTeam👾🟡8.6HIGHAccess Token Generation Vulnerability in Ninja Forms Plugin by WordPress
CVE-2025-14072WordPressNinja Forms👾🟡5.3MEDIUMStored Cross-Site Scripting in Logo Slider Plugin for WordPress
CVE-2025-13153WordPressLogo Slider👾🟡6.1MEDIUMReflected Cross-Site Scripting Vulnerability in ShopBuilder Plugin for WordPress
CVE-2025-13456WordPressShopbuilder👾🟡6.1MEDIUMCSRF Vulnerability in WPBookit Plugin by WordPress
CVE-2025-12685WordPressWPbookit👾🟡6.5MEDIUMUser Authentication Weakness in WordPress Comments Plugin by Disqus
CVE-2025-13820WordPressComments👾🟡5.3MEDIUMUnsecured AJAX Endpoints in Ultimate Post Kit Addons for Elementor Plugin
CVE-2025-14434WordPressUltimate Post Kit Addo...👾🟡5.3MEDIUMUser Deletion Vulnerability in Knowband Mobile App Builder by Knowband
CVE-2025-13029WordPressKnowband Mobile App Bu...👾🟡7.5HIGHReflected Cross-Site Scripting Vulnerability in Advance WP Query Search Filter Plugin
CVE-2025-14313WordPressAdvance WP Query Searc...👾🟡6.1MEDIUMReflected Cross-Site Scripting Vulnerability in Advance WP Query Search Filter by WordPress
CVE-2025-14312WordPressAdvance WP Query Searc...👾🟡6.1MEDIUMStored Cross-Site Scripting Vulnerability in YaMaps for WordPress Plugin by WordPress
CVE-2025-13958WordPressYamaps For WordPress P...👾🟡5.9MEDIUMSQL Injection Vulnerability in Plugin Organizer by WordPress
CVE-2025-13417WordPressPlugin Organizer👾🟡8.6HIGHFile Upload Vulnerability in Gravity Forms Plugin by Rocketgenius
CVE-2025-13407WordPressGravity Forms👾🟡6.8MEDIUMAuthorization Bypass in Pure WC Variation Swatches Plugin by WordPress
CVE-2025-12820WordPressPure Wc Variation Swat...👾🟡5.3MEDIUMSQL Injection Vulnerability in Themefic Hydra Booking Plugin
CVE-2025-68055WordPressHydra Booking👾🟡8.5HIGHRemote Code Execution in Ocean Modal Window WordPress Plugin
CVE-2025-13307WordPressOcean Modal Window👾🟡7.2HIGHStored Cross-Site Scripting Vulnerability in Omnipress Plugin for WordPress
CVE-2025-12163WordPressOmnipress👾🟡6.4MEDIUMReflected Cross-Site Scripting Vulnerability in URL Shortify Plugin for WordPress
CVE-2025-13355WordPressUrl Shortify👾🟡7.1HIGH