WordPress Exploited Vulnerabilities
Wordpress vulnerabilities known to be exploited. Over the past 365 days, sorted by exploit discovery date.
Vulnerability Published:
๐๏ธ Published
- Anytime
Sort By:
๐๏ธ Published Date
- Descending
SQL Injection Vulnerability in TAX SERVICE Electronic HDM Plugin by WordPress
CVE-2025-12061WordPressTax Service Electronic...๐พ๐ก8.6HIGHArbitrary File Upload Vulnerability in AI Feeds Plugin for WordPress
CVE-2025-13597WordPressAi Feeds๐พ๐ก9.8CRITICALArbitrary File Upload Vulnerability in CIBELES AI Plugin for WordPress
CVE-2025-13595WordPressCibeles Ai๐พ๐ก9.8CRITICALRemote Code Execution Vulnerability in Sneeit Framework Plugin for WordPress
CVE-2025-6389WordPressSneeit Framework๐พ๐ก9.8CRITICALWeak Backup Code Generation in WP 2FA Plugin by WordPress
CVE-2025-12628WordPressWP 2fa๐พ๐ก6.3MEDIUMReflected Cross-Site Scripting Vulnerability in Broken Link Manager Plugin
CVE-2025-12629WordPressBroken Link Manager๐พ๐ก7.1HIGHBackup Migration Plugin Vulnerability in WordPress
CVE-2025-12394WordPressBackup Migration๐พ๐ก5.9MEDIUMOpen Redirect Vulnerability in Frontend Posting Plugin by WordPress
CVE-2025-12569WordPressGuest Posting / Fronte...๐พ๐ก4.7MEDIUMReflected Cross-Site Scripting Vulnerability in WordPress eCommerce Plugin
CVE-2024-14015WordPressWordPress Ecommerce Pl...๐พ๐ก7.1HIGHVulnerability in Mstoreapp Mobile App by Mstoreapp Allows Unauthenticated Access
CVE-2025-11127WordPressMstoreapp Mobile App๐พ๐ก9.8CRITICALArbitrary File Read Vulnerability in AI Engine for WordPress by ChatGPT
CVE-2025-13380WordPressAi Engine For WordPres...๐พ๐ก6.5MEDIUMSQL Injection Vulnerability in Attention-Bar Plugin for WordPress
CVE-2025-12502WordPressAttention-bar๐พ๐ก6.8MEDIUMArbitrary File Upload Vulnerability in WavePlayer Plugin for WordPress
CVE-2025-12057WordPressWaveplayer๐พ๐ก9.8CRITICALCommand Injection Vulnerability in W3 Total Cache WordPress Plugin
CVE-2025-9501WordPressW3 Total Cache๐๐ฐ๐พ๐ก๐ฐ9CRITICALLocal File Inclusion Vulnerability in Creta Testimonial Showcase Plugin by Creta Technology
CVE-2025-10686WordPressCreta Testimonial Show...๐พ๐ก7.2HIGHStored Cross-Site Scripting Vulnerability in WP Statistics Plugin by WordPress
CVE-2025-9816WordPressWP Statistics โ Simple...๐พ๐ก7.2HIGHReflected Cross-Site Scripting in Team Members Showcase Plugin by WordPress
CVE-2025-11560WordPressTeam Members Showcase๐พ๐ก4.8MEDIUMAge-Restriction WordPress Plugin Vulnerability Affects Users
CVE-2025-11855WordPressAge-restriction๐พ๐ก7.5HIGHCross-Site Scripting Vulnerabilities in WP Go Maps Plugin by WordPress
CVE-2025-11307WordPressWP Go Maps (formerly W...๐พ๐ก8.8HIGHAuthorization Flaw in Make Email Customizer for WooCommerce Plugin by WordPress
CVE-2025-11237WordPressMake Email Customizer ...๐พ๐ก5.3MEDIUMArbitrary File Upload Vulnerability in WooCommerce Designer Pro Plugin for WordPress
CVE-2025-6440WordPressWooCommerce Designer Pro๐พ๐ก9.8CRITICALFile Path Vulnerability in MelAbu WP Download Counter Button Plugin by WordPress
CVE-2025-11072WordPressMelabu WP Download Cou...๐พ๐ก5.3MEDIUMPassword Reset Vulnerability in Ace User Management WordPress Plugin
CVE-2025-6027WordPressAce User Management๐พ๐ก6.3MEDIUMElementInvader Addons for Elementor WordPress Plugin Exposes Email Functionality
CVE-2025-10873WordPressElementinvader Addons ...๐พ๐ก5.3MEDIUMReflected XSS Vulnerability in FunnelKit WordPress Plugin
CVE-2025-10567WordPressFunnelkit๐พ๐ก6.3MEDIUM