WordPress Exploited Vulnerabilities
Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.
Vulnerability Published:
🗓️ Published
- Anytime
Sort By:
🗓️ Published Date
- Descending
Unauthorized Access to Email Addresses in Decent Comments Plugin
CVE-2026-7385WordPressDecent Comments👾🟡Stored XSS in Email Encoder WordPress Plugin Affects Users
CVE-2026-5776WordPressEmail Encoder👾🟡6.1MEDIUMAPI Key Exposure in Fortis Plugin for WooCommerce by Fortis Technologies
CVE-2025-15609WordPressFortis For WooCommerce👾🟡7.5HIGHCross-site Scripting Vulnerability in Livemesh Addons for Elementor
CVE-2026-39636WordPressLivemesh Addons For El...👾🟡6.5MEDIUMReflected Cross-Site Scripting in Ajax Load More Plugin by WordPress
CVE-2026-6495WordPressAjax Load More👾🟡7.1HIGHUnauthenticated Stored XSS Vulnerability in Autoptimize and Other WordPress Plugins
CVE-2026-3220WordPressAutoptimize👾🟡8.8HIGHSQL Injection Vulnerability in WP Photo Album Plus Plugin by WordPress
CVE-2026-6379WordPressWP Photo Album Plus👾🟡8.6HIGHLocal File Inclusion Vulnerability in WP Maps Plugin for WordPress
CVE-2026-6381WordPressWP Maps👾🟡7.5HIGHUnauthorized Modification in Feeds for YouTube WordPress Plugin by Vendor
CVE-2026-1631WordPressFeeds For Youtube (you...👾🟡5.4MEDIUMArbitrary File Upload Vulnerability in Peugeot Music Plugin for WordPress
CVE-2018-25335WordPressPeugeot Music👾🟡9.3CRITICALRemote File Inclusion Vulnerability in WP with Spritz by WordPress
CVE-2018-25329WordPressWP With Spritz👾🟡8.7HIGHPath Traversal Vulnerability in Google Drive for WordPress by Google
CVE-2018-25326WordPressGoogle Drive👾🟡8.7HIGHLocal File Inclusion Vulnerability in Simple Fields WordPress Plugin
CVE-2018-25324WordPressSimple Fields👾🟡6.9MEDIUMDirectory Traversal Vulnerability in WordPress Plugin Anti-Malware Security and Bruteforce Firewall
CVE-2021-47977WordPressMalware Security And B...👾🟡8.7HIGHArbitrary File Deletion in Backup and Restore Plugin for WordPress
CVE-2021-47979WordPressBackup And Restore👾🟡8.7HIGHStored Cross-Site Scripting in WP Learn Manager by WordPress
CVE-2021-47975WordPressWP Learn Manager👾🟡5.1MEDIUMStored Cross-Site Scripting Vulnerability in Cookie Law Bar Plugin by WordPress
CVE-2021-47957WordPressCookie Law Bar👾🟡5.1MEDIUMLocal File Inclusion Vulnerability in Supsystic Backup Plugin for WordPress
CVE-2020-37246WordPressBackup👾🟡6.9MEDIUMPath Traversal and XSS Vulnerability in Supsystic Digital Publications Plugin
CVE-2020-37245WordPressDigital Publications👾🟡8.7HIGHSQL Injection Vulnerability in Supsystic Membership Plugin for WordPress
CVE-2020-37244WordPressMembership👾🟡8.8HIGHSQL Injection and Cross-Site Scripting in Supsystic Pricing Table Plugin
CVE-2020-37243WordPressPricing Table👾🟡8.8HIGHSQL Injection Vulnerability in Supsystic Ultimate Maps by Supsystic
CVE-2020-37242WordPressUltimate Maps👾🟡8.8HIGHStored Cross-Site Scripting in WordPress Theme Wibar by ThemeFTC
CVE-2020-37235WordPressTheme Wibar👾🟡5.1MEDIUMPersistent Cross-Site Scripting Vulnerability in BuddyPress by WordPress
CVE-2020-37233WordPressBuddypress👾🟡5.1MEDIUMUnrestricted File Upload Vulnerability in HS Brand Logo Slider by Helios Solutions
CVE-2020-37227WordPressHs Brand Logo Slider👾🟡8.7HIGH