WordPress Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by WordPress

WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API
CVE-2017-20251 | WordPress | Woody Code Snippets | 👾🟡 | 9.3 CRITICAL

WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download
CVE-2017-20250 | WordPress | Mac Photo Gallery | 👾🟡 | 8.7 HIGH

WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection
CVE-2017-20249 | WordPress | Apptha Slider Gallery | 👾🟡 | 8.8 HIGH

WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
CVE-2017-20248 | WordPress | Apptha Slider Gallery | 👾🟡 | 8.7 HIGH

WordPress Plugin PICA Photo Gallery 1.0 SQL Injection
CVE-2017-20247 | WordPress | Pica Photo Gallery | 👾🟡 | 8.8 HIGH

KittyCatfish 2.2 Plugin for WordPress SQL Injection
CVE-2017-20246 | WordPress | Kittycatfish | 👾🟡 | 8.8 HIGH

Wow Viral Signups 2.1 WordPress Plugin SQL Injection
CVE-2017-20245 | WordPress | Wow Viral Signups | 👾🟡 | 8.8 HIGH

Wow Forms WordPress Plugin 2.1 SQL Injection
CVE-2017-20244 | WordPress | Wow Forms | 👾🟡 | 8.8 HIGH

WordPress Car Park Booking Plugin SQL Injection via space_id
CVE-2017-20243 | WordPress | Car Park Booking System | 👾🟡 | 8.8 HIGH

Product Catalog 8 1.2 Plugin WordPress SQL Injection
CVE-2016-20065 | WordPress | Product Catalog 8 | 👾🟡 | 8.8 HIGH

Single Personal Message 1.0.3 WordPress Plugin SQL Injection
CVE-2016-20063 | WordPress | Single Personal Message | 👾🟡 | 7.1 HIGH

Simply Poll 1.4.1 Plugin for WordPress SQL Injection
CVE-2016-20062 | WordPress | Simply Poll | 👾🟡 | 8.8 HIGH

Blocksy <= 2.1.41 - Authenticated (Contributor+) PHP Object Injection via Deserialization of Untrusted Data via 'blocksy_meta' REST API Field
CVE-2026-8365 | WordPress | Blocksy | 8.8 HIGH

Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation
CVE-2026-11616 | WordPress | Events Calendar For Ge... | 8.8 HIGH

6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter
CVE-2026-9185 | WordPress | 6storage Rentals | 7.5 HIGH

Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter
CVE-2026-9662 | WordPress | Recover Exit For WooCo... | 8.1 HIGH

FV Flowplayer Video Player <= 7.5.49.7212 - Unauthenticated Stored Cross-Site Scripting via Comment Text
CVE-2026-7556 | WordPress | Fv FloWPlayer Video Pl... | 7.2 HIGH

WordPress Theme Travelscape 1.0.3 Arbitrary File Upload
CVE-2024-58349 | WordPress | Travelscape | 👾🟡 | 9.3 CRITICAL

WordPress Background Image Cropper 1.2 Remote Code Execution
CVE-2024-58348 | WordPress | Background Image Cropper | 👾🟡 | 9.3 CRITICAL

WordPress Seotheme Remote Code Execution Unauthenticated
CVE-2023-54352 | WordPress | Travelscape | 👾🟡 | 9.3 CRITICAL

WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated
CVE-2023-54350 | WordPress | Augmented Reality | 👾🟡 | 8.7 HIGH

Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action
CVE-2026-9851 | WordPress | Booking Package | 7.2 HIGH

MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter
CVE-2026-7537 | WordPress | Mdjm Event Management | 7.2 HIGH

All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path
CVE-2026-8438 | WordPress | All-in-one Security (a... | 7.2 HIGH

Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data
CVE-2026-8901 | WordPress | Integration For Freshs... | 7.2 HIGH