WordPress Latest Vulnerabilities
November 15
WordPress Jobs Plugin Vulnerable to Stored Cross-Site Scripting Attacks
CVE-2024-10104
WordPressJobs For WordPress
October 26
Authentication Bypass Vulnerability in User Toolkit Plugin for WordPress
CVE-2024-9890
WordPress👾8.8HIGH
September 17
WordPress Plugin Vulnerability Could Allow CSRF Attacks on Logged-In Admins
CVE-2024-8093
WordPressPosts Reminder6.5MEDIUM
September 12
Unsafe Settings Update in WordPress Plug-in
CVE-2024-7862
WordPressBlogintroduction-WordP...6.5MEDIUM
August 12
WordPress Plugin Vulnerable to CSRF Attacks
CVE-2024-6136
WordPressWP-cart-for-digital-pr...
WordPress Plugin Vulnerability Could Expose High Privilege Users to Cross-Site Scripting
CVE-2024-6134
WordPressWP-cart-for-digital-pr...
August 7
Unauthenticated XSS Vulnerability in File Upload Plugin
CVE-2024-6494
WordPress
August 6
WordPress File Upload Vulnerability Leads to Reflected Cross-Site Scripting
CVE-2024-6651
WordPressWordPress File Upload
August 2
Cross-Site Request Forgery Vulnerability in Superfly Responsive Menu Plugin for WordPress
CVE-2024-3238
WordPress8.8HIGH
July 30
CSRF Flaw in WordPress Plugin Could Allow Attackers to Trick Admin into Making Unintended Actions
CVE-2024-6230
WordPressپلاگین پرداخت دلخواه
July 13
Ditty Plugin Vulnerability Could Lead to Cross-Site Scripting Attacks
CVE-2024-5575
WordPressDitty
Cross-Site Scripting Vulnerability in WordPress wp-affiliate-platform Plugin
CVE-2024-5286
WordPressWP-affiliate-platform
WordPress Plugin Vulnerability: Reflected Cross-Site Scripting Flaw
CVE-2024-5283
WordPressWP-affiliate-platform
Cross-Site Scripting Vulnerability in WordPress' wp-affiliate-platform Plugin
CVE-2024-5282
WordPressWP-affiliate-platform
WordPress Plugin Vulnerable to Reflected Cross-Site Scripting
CVE-2024-5281
WordPressWP-affiliate-platform
WordPress Plugin Vulnerability Leaves Non-Logged in Users Susceptible to XSS Attacks
CVE-2024-5280
WordPressWP-affiliate-platform
Security Risk: Unsanitised Settings Can Lead to Stored Cross-Site Scripting Attacks
CVE-2024-5002
WordPressUser Submitted Posts
July 12
Plugin vulnerability puts WordPress websites at risk of Stored Cross-Site Scripting attacks
CVE-2024-2430
WordPressWebsite Content In Pag...5.4MEDIUM
July 11
WordPress Plugin Vulnerable to Stored Cross-Site Scripting Attacks
CVE-2024-5444
WordPressBible Text5.4MEDIUM
June 27
False URL Redirect Vulnerability in Contact Form 7 Plugin
CVE-2024-4704
WordPressContact Form 76.1MEDIUM
June 15
Stored Cross-Site Scripting Vulnerability in WordPress Newspaper Theme
CVE-2024-3815
WordPressNewspaper - News & Woo...4.8MEDIUM
June 14
Unfiltered HTML Settings in Jitsi Shortcode Plugin Can Lead to Stored XSS Attacks
CVE-2024-3977
WordPressWordPress Jitsi Shortcode4.8MEDIUM
Similarity Plugin Vulnerability Allows CSRF Attacks
CVE-2024-3971
WordPressSimilarity4.3MEDIUM
June 12
Unfiltered HTML Setting Vulnerability in WordPress Social Sharing Plugin Could Lead to Stored Cross-Site Scripting Attacks
CVE-2024-4924
WordPressSocial Sharing Plugin
June 4
AJAX Vulnerability in WordPress Events Calendar Plugin
CVE-2024-4180
WordPressThe Events Calendar
May 15
Unfiltered HTML Setting Vulnerability in WordPress Plugin Allows Stored XSS Attacks
CVE-2024-3634
WordPressMonth Name Translation...
May 3
Stored Cross-Site Scripting Vulnerability in WordPress Core
CVE-2024-4439
WordPress😄👾7.2HIGH
April 26
WordPress Social Sharing Plugin Vulnerable to Stored Cross-Site Scripting Attacks
CVE-2024-2159
WordPressSocial Sharing Plugin
Salon Booking System Plugin Vulnerable to Stored Cross-Site Scripting Attacks
CVE-2024-2439
WordPress
Unprotected CSRF Vulnerability in Salon Booking System Plugin
CVE-2024-2429
WordPressSalon Booking System
April 24
SSRF Attacks in Multisite Configurations
CVE-2023-7253
WordPressImport WP
April 18
Reflected Cross-Site Scripting Vulnerability in Jobs for WordPress Plugin
CVE-2024-2833
WordPress
April 17
Stored Cross-Site Scripting vulnerability in Salon booking system WordPress plugin
CVE-2024-2102
WordPressSalon Booking System
Stored Cross-Site Scripting vulnerability in Salon booking system WordPress plugin
CVE-2024-2101
WordPressSalon Booking System
April 15
Cross-Site Scripting (XSS) Vulnerability in Social Share, Social Login and Social Comments Plugin for WordPress
CVE-2024-2836
WordPressSocial Share, Social L...
April 10
CSRF Vulnerability in Ping Optimizer Plugin Could Allow Attackers to Trigger Unwanted Actions
CVE-2023-6385
WordPressWordPress Ping Optimizer
April 4
Temporary File Upload Vulnerability in WordPress Affects Administrator Users
CVE-2024-31210
WordPress
WordPress Fixes Critical Unserialization Vulnerability
CVE-2024-31211
WordPress
Stored Cross-Site Scripting Vulnerability in WordPress Tag and Category Manager AI Autotagger Plugin
CVE-2024-2830
WordPress
March 26
Unauthenticated Access to Sensitive Log Data in Backup and Restore WordPress Plugin
CVE-2023-7232
WordPressBackup And Restore Wor...
March 25
Plugin Vulnerability Allows Contributor User Access to Custom Fields on Any Post
CVE-2024-1564
WordPressWP-schema-pro
February 27
Fatal Error Notify Plugin Vulnerable to Spam Attacks
CVE-2023-7202
WordPressFatal Error Notify
October 16
WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure
CVE-2023-5561
WordPressWordPress👾5.3MEDIUM
October 13
WordPress < 6.3.2 is vulnerable to Broken Access Control
CVE-2023-39999
WordPressWordPress4.3MEDIUM
Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block
CVE-2023-38000
WordPressWordPress5.4MEDIUM
June 4
Blogger Importer Plugin blogger-importer.php restart cross-site request forgery
CVE-2013-10027
WordPressBlogger Importer Plugin4.3MEDIUM
January 5
CVE-2023-22622
WordPressWordPress5.3MEDIUM
December 14
WP <= 6.1.1 - Unauthenticated Blind SSRF via DNS Rebinding
CVE-2022-3590
WordPressWordPress👾5.9MEDIUM
April 18
CVE-2011-1762
WordPresswordpress6.5MEDIUM
January 6
Stored XSS in WordPress
CVE-2022-21662
WordPressWordPress-develop8HIGH
Authenticated Object Injection in Multisites in WordPress
CVE-2022-21663
WordPressWordPress-develop6.6MEDIUM
SQL injection in WordPress
CVE-2022-21664
WordPressWordPress-develop7.4HIGH
SQL injection in WordPress
CVE-2022-21661
WordPressWordPress-develop👾8HIGH
November 25
CVE-2021-44223
WordPressWordPress8.1HIGH
September 9
Private data disclosure/privilege escalation through the block editor in Wordpress
CVE-2021-39203
WordPressWordPress-develop6.8MEDIUM
WordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widget
CVE-2021-39202
WordPressWordPress-develop7.6HIGH
Authenticated cross-site scripting (XSS) in WordPress editor
CVE-2021-39201
WordPressWordPress-develop7.6HIGH
Information Disclosure in wp_die() via JSONP in wordpress
CVE-2021-39200
WordPressWordPress-develop5.3MEDIUM
April 27
Insecure Deserialization of untrusted data in rmccue/requests
CVE-2021-29476
WordPressRequests9.8CRITICAL
April 15
WordPress Authenticated disclosure of password-protected posts and pages
CVE-2021-29450
WordPressWordPress-develop6.5MEDIUM
WordPress Authenticated XXE attack when installation is running PHP 8
CVE-2021-29447
WordPressWordPress-develop👾7.1HIGH
November 2
CVE-2020-28037
WordPressWordPress9.8CRITICAL
CVE-2020-28032
WordPressWordPress👾9.8CRITICAL
CVE-2020-28035
WordPressWordPress9.8CRITICAL
CVE-2020-28039
WordPressWordPress9.1CRITICAL
CVE-2020-28036
WordPressWordPress9.8CRITICAL
CVE-2020-28038
WordPressWordPress6.1MEDIUM
CVE-2020-28033
WordPressWordPress7.5HIGH
CVE-2020-28034
WordPressWordPress6.1MEDIUM
CVE-2020-28040
WordPressWordPress4.3MEDIUM
September 13
CVE-2020-25286
WordPressWordPress5.3MEDIUM
June 12
Authenticated XSS via media attachment page in WordPress
CVE-2020-4047
WordPressWordPress-develop6.8MEDIUM
Open redirect in wp_validate_redirect() in WordPress
CVE-2020-4048
WordPressWordPress-develop5.7MEDIUM
Authenticated self-XSS via theme uploads in WordPress
CVE-2020-4049
WordPressWordPress-develop2.4LOW
set-screen-option filter misuse by plugins leading to privilege escalation in WordPress
CVE-2020-4050
WordPressWordPress-develop3.5LOW
Authenticated XSS through embed block in WordPress
CVE-2020-4046
WordPressWordPress-develop5.4MEDIUM
April 30
Specially crafted filenames in WordPress leading to XSS
CVE-2020-11026
WordPressWordPress8.7HIGH
Cross-site scripting in stats method (object cache) in WordPress
CVE-2020-11029
WordPressWordPress5.8MEDIUM
Unauthenticated disclosure of certain private posts in WordPress
CVE-2020-11028
WordPressWordPress5.8MEDIUM
Password reset links invalidation issue in WordPress
CVE-2020-11027
WordPressWordPress6.1MEDIUM
Cross-site scripting (XSS) in Search block in WordPress
CVE-2020-11030
WordPressWordPress6.4MEDIUM
Authenticated cross-site scripting (XSS) in WordPress Customizer
CVE-2020-11025
WordPressWordPress5.8MEDIUM
December 27
CVE-2019-20041
WordPressWordPress9.8CRITICAL
CVE-2019-20042
WordPressWordPress6.1MEDIUM
CVE-2019-20043
WordPressWordPress4.3MEDIUM
December 26
Stored cross-site scripting (XSS) in WordPress block editor
CVE-2019-16781
WordPressWordPress5.8MEDIUM
Stored cross-site scripting (XSS) in WordPress block editor
CVE-2019-16780
WordPressWordPress5.8MEDIUM
October 17
CVE-2019-17671
WordPressWordPress👾5.3MEDIUM
CVE-2019-17672
WordPressWordPress6.1MEDIUM
CVE-2019-17673
WordPressWordPress7.5HIGH
CVE-2019-17675
WordPressWordPress8.8HIGH
CVE-2019-17674
WordPressWordPress5.4MEDIUM
CVE-2019-17669
WordPressWordPress9.8CRITICAL
CVE-2019-17670
WordPressWordPress9.8CRITICAL
September 11
CVE-2019-16217
WordPressWordPress6.1MEDIUM
CVE-2019-16219
WordPressWordPress6.1MEDIUM
CVE-2019-16221
WordPressWordPress6.1MEDIUM
CVE-2019-16222
WordPressWordPress6.1MEDIUM
CVE-2019-16223
WordPressWordPress5.4MEDIUM
CVE-2019-16220
WordPressWordPress6.1MEDIUM