WordPress Exploited Vulnerabilities
Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.
Vulnerability Published:
🗓️ Published
- Anytime
Sort By:
🗓️ Published Date
- Descending
WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API
CVE-2017-20251WordPressWoody Code Snippets👾🟡9.3CRITICALWordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download
CVE-2017-20250WordPressMac Photo Gallery👾🟡8.7HIGHWordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
CVE-2017-20248WordPressApptha Slider Gallery👾🟡8.7HIGHWordPress Plugin Apptha Slider Gallery 1.0 SQL Injection
CVE-2017-20249WordPressApptha Slider Gallery👾🟡8.8HIGHWordPress Plugin PICA Photo Gallery 1.0 SQL Injection
CVE-2017-20247WordPressPica Photo Gallery👾🟡8.8HIGHKittyCatfish 2.2 Plugin for WordPress SQL Injection
CVE-2017-20246WordPressKittycatfish👾🟡8.8HIGHWow Forms WordPress Plugin 2.1 SQL Injection
CVE-2017-20244WordPressWow Forms👾🟡8.8HIGHWow Viral Signups 2.1 WordPress Plugin SQL Injection
CVE-2017-20245WordPressWow Viral Signups👾🟡8.8HIGHWordPress Car Park Booking Plugin SQL Injection via space_id
CVE-2017-20243WordPressCar Park Booking System👾🟡8.8HIGHProduct Catalog 8 1.2 Plugin WordPress SQL Injection
CVE-2016-20065WordPressProduct Catalog 8👾🟡8.8HIGHSingle Personal Message 1.0.3 WordPress Plugin SQL Injection
CVE-2016-20063WordPressSingle Personal Message👾🟡7.1HIGHSimply Poll 1.4.1 Plugin for WordPress SQL Injection
CVE-2016-20062WordPressSimply Poll👾🟡8.8HIGHLazy Blocks < 4.3.0 - Admin+ Stored XSS via Custom Block Frontend HTML
CVE-2026-8981WordPressCustom Block Builder👾🟡3.5LOWWPForms Lite < 1.10.0.5 – Unauthenticated PayPal Webhook Forgery
CVE-2026-4986WordPressWPforms👾🟡5.3MEDIUMWordPress Theme Travelscape 1.0.3 Arbitrary File Upload
CVE-2024-58349WordPressTravelscape👾🟡9.3CRITICALWordPress Background Image Cropper 1.2 Remote Code Execution
CVE-2024-58348WordPressBackground Image Cropper👾🟡9.3CRITICALWordPress Sonaar Music Plugin 4.7 Stored XSS via Comments
CVE-2023-54351WordPressSonaar Music Plugin👾🟡5.1MEDIUMWordPress Seotheme Remote Code Execution Unauthenticated
CVE-2023-54352WordPressTravelscape👾🟡9.3CRITICALWordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated
CVE-2023-54350WordPressAugmented Reality👾🟡8.7HIGHWordPress Plugin admin-word-count-column 2.2 Local File Read
CVE-2022-50953WordPressAdmin-word-count-column👾🟡6.9MEDIUMWordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code
CVE-2021-47983WordPressAccept Stripe Payments👾🟡5.1MEDIUMWordPress Plugin WP24 Domain Check 1.6.2 Stored XSS
CVE-2021-47984WordPressWP24 Domain Check👾🟡5.1MEDIUMWordPress Plugin WP-Paginate 2.1.3 Stored XSS via preset
CVE-2021-47982WordPressWP-paginate👾🟡5.1MEDIUMRemote Code Execution Risk in Everest Forms Pro Plugin by WordPress
CVE-2026-3300WordPressEverest Forms Pro👾🟡📰9.8CRITICALBlind SQL Injection in Contest Gallery Plugin for WordPress
CVE-2026-3180WordPressContest Gallery – Uplo...👾🟡7.5HIGH