CVE-2026-8442 - The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions u

CVE-2026-52715 - Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.

CVE-2026-2381 - The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modificati

CVE-2026-8444 - The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]'

CVE-2026-10093 - The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Store

CVE-2026-9187 - The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post delet

CVE-2026-6933 - The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing auth

CVE-2026-5149 - The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and

CVE-2026-10780 - The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versi

CVE-2026-6964 - The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all v

CVE-2017-20251 - WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that al

CVE-2017-20247 - WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthen

CVE-2017-20246 - KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenti

CVE-2017-20245 - Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthent

CVE-2017-20244 - Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthent

CVE-2017-20243 - WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerab

CVE-2016-20065 - Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unaut

CVE-2016-20062 - Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthent

CVE-2026-4058 - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registrat

CVE-2026-8677 - The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is

CVE-2026-8599 - The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for Word

CVE-2026-8365 - The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Executi

CVE-2026-11616 - The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in v

CVE-2026-8981 - The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_h

CVE-2026-4986 - The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal we

CVE-2026-9662 - The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all v

CVE-2026-9185 - The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Control

CVE-2026-8977 - The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-8940 - The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-8910 - The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-8909 - The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a

CVE-2026-8907 - The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up

CVE-2026-8904 - The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin

CVE-2026-8902 - The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver

CVE-2026-8895 - The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's

CVE-2026-8883 - The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Script

CVE-2026-8882 - The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-8880 - The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'b

CVE-2026-8841 - The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-8499 - The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP

CVE-2026-7662 - The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '

CVE-2026-11603 - The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site S

CVE-2026-10738 - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Foo

CVE-2026-10553 - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v

CVE-2026-10024 - The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'b

CVE-2026-7556 - The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-5714 - The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘

CVE-2026-10862 - The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion b

CVE-2026-3011 - The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2024-58349 - WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauth

CVE-2024-58348 - WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that a

CVE-2023-54352 - WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attack

CVE-2023-54351 - WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows u

CVE-2023-54350 - WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder co

CVE-2022-50953 - WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows un

CVE-2021-47984 - WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that a

CVE-2021-47983 - WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that al

CVE-2021-47982 - WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows

CVE-2026-9851 - The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover

CVE-2026-9829 - The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to tim

CVE-2026-9016 - The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable t

CVE-2026-8839 - The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through U

CVE-2026-8611 - The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Refere

CVE-2026-9280 - The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Sit

CVE-2026-9197 - The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to,

CVE-2026-8991 - The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stor

CVE-2026-8978 - The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable

CVE-2026-8502 - The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vul

CVE-2026-7796 - The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more pl

CVE-2026-7795 - The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-7792 - The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin

CVE-2026-7665 - The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is v

CVE-2026-7566 - The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection

CVE-2026-7565 - The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read v

CVE-2026-7537 - The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all version

CVE-2026-2500 - The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and

CVE-2026-9281 - The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits

CVE-2026-9008 - The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and

CVE-2026-8901 - The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin f

CVE-2026-8438 - The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored

CVE-2026-9719 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab

CVE-2026-9290 - The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local

CVE-2026-8976 - The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu

CVE-2026-8900 - The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Short

CVE-2026-8893 - The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-8608 - The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to

CVE-2026-7047 - The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers

CVE-2026-6448 - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to

CVE-2026-10038 - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin

CVE-2025-12656 - The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to ar

CVE-2026-7654 - The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code

CVE-2026-7523 - The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and

CVE-2026-10580 - The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass le

CVE-2026-10586 - The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress i

CVE-2019-25744 - WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows au

CVE-2019-25743 - WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows

CVE-2019-25742 - WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability tha

CVE-2019-25738 - WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allow

CVE-2019-25727 - WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows

CVE-2026-8653 - The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'co

CVE-2026-10737 - The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a

CVE-2026-9732 - The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross

CVE-2026-7421 - The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versi

CVE-2026-5076 - The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in a

CVE-2026-5074 - The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parame

CVE-2026-5073 - The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter o

CVE-2026-1829 - The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution

CVE-2026-5191 - The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site s

CVE-2026-9730 - The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery i

CVE-2026-9722 - The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t

CVE-2026-9599 - The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions u

CVE-2026-9234 - The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in ver

CVE-2026-8885 - The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-8422 - The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery

CVE-2026-4081 - The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] short

CVE-2026-4080 - The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart

CVE-2026-4071 - The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to,

CVE-2026-3620 - The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replace

CVE-2026-2425 - The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via

CVE-2026-2382 - The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th

CVE-2026-1451 - The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' paramet

CVE-2026-1450 - The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' para

CVE-2025-5085 - The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole_l

CVE-2026-8293 - The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor chal

CVE-2026-8206 - The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable t

CVE-2026-3722 - The Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)

CVE-2026-10100 - The Simple Custom Login Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t

CVE-2026-9050 - The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable t

CVE-2026-9048 - The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versio

CVE-2018-25434 - WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to

CVE-2026-8382 - The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all

CVE-2026-9757 - The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng'

CVE-2026-7465 - The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerab

CVE-2026-7459 - The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to a

CVE-2026-4290 - The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-

CVE-2025-12714 - The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unau

CVE-2026-9189 - The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via

CVE-2026-6075 - The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers

CVE-2026-10039 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the

CVE-2026-9243 - The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-3655 - The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authenticati

CVE-2025-11262 - The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user

CVE-2026-9714 - The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-8732 - The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account

CVE-2026-6275 - The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Si

CVE-2025-14042 - The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-S

CVE-2025-11993 - The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object

CVE-2026-2128 - The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorize

CVE-2026-8995 - The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Se

CVE-2026-7430 - The Post Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions

CVE-2026-8809 - The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via

CVE-2026-9015 - The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for Wo

CVE-2026-8689 - The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missin

CVE-2026-7526 - The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all version

CVE-2026-7048 - The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to tim

CVE-2026-6937 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress

CVE-2026-6226 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege esc

CVE-2026-4334 - The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headl

CVE-2026-9227 - The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all v

CVE-2026-8682 - The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnera

CVE-2026-7862 - The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access t

CVE-2026-7797 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress

CVE-2026-7660 - The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th

CVE-2026-7651 - The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, Us

CVE-2026-7634 - The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Us

CVE-2026-7621 - The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized acces

CVE-2026-7052 - The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to S

CVE-2026-6455 - The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery le

CVE-2026-6427 - The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions u

CVE-2026-9644 - The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scr

CVE-2026-9009 - The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code E

CVE-2026-7533 - The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v

CVE-2026-3173 - The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all v

CVE-2026-9241 - The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Autho

CVE-2026-9228 - The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct

CVE-2026-7802 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all v

CVE-2026-5737 - The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all v

CVE-2026-2374 - The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-4888 - The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPr

CVE-2026-42726 - Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds

CVE-2026-3349 - The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t

CVE-2026-3348 - The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-2288 - The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_titl

CVE-2026-2280 - The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings

CVE-2025-0898 - The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all

CVE-2026-8942 - The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver

CVE-2026-8906 - The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up

CVE-2026-8832 - The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for W

CVE-2026-8143 - The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb_country_iso'

CVE-2026-8042 - The Github Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'repo

CVE-2026-7618 - The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based bl

CVE-2026-6169 - The affiliate-toolkit plugin for WordPress is vulnerable to remote code execution in all versions up

CVE-2026-3897 - The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scrip

CVE-2026-3896 - The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi

CVE-2026-3895 - The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site

CVE-2026-3375 - The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-js

CVE-2026-3279 - The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of

CVE-2026-3001 - The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' para

CVE-2026-2030 - The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site

CVE-2026-9200 - The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to

CVE-2026-9014 - The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a mis

CVE-2026-8994 - The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up t

CVE-2026-8943 - The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve

CVE-2026-8941 - The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up

CVE-2026-8939 - The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in version

CVE-2026-8938 - The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers

CVE-2026-8911 - The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up

CVE-2026-8903 - The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site R

CVE-2026-8899 - The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'thumbn

CVE-2026-8898 - The Events In City plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'org-ev

CVE-2026-8897 - The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode

CVE-2026-8894 - The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `

CVE-2026-8891 - The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bitf

CVE-2026-8887 - The Listen Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'list

CVE-2026-8886 - The hk_shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title-pl

CVE-2026-8884 - The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable to Stored Cross-Site Scriptin

CVE-2026-8877 - The Responsive Video Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-8875 - The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable to Stored Cross-Site Scripting

CVE-2026-8873 - The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcod

CVE-2026-8872 - The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p

CVE-2026-8871 - The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ki

CVE-2026-8870 - The Team Master – A Modern WordPress Team Showcase plugin for WordPress is vulnerable to Stored Cros

CVE-2026-8869 - The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tit

CVE-2026-8868 - The Single Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sing

CVE-2026-8867 - The Post Category Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the

CVE-2026-8847 - The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dideo'

CVE-2026-8846 - The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'TUXQUOTE' sh

CVE-2026-8845 - The Islamic Database plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'isla

CVE-2026-8844 - The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rspc

CVE-2026-8837 - The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable to Stored Cross-Sit

CVE-2026-8787 - The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in

CVE-2026-8760 - The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to

CVE-2026-8708 - The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi

CVE-2026-8707 - The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via P

CVE-2026-8703 - The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode A

CVE-2026-8702 - The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripting in version 1.0 vi

CVE-2026-8701 - The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in vers

CVE-2026-8698 - The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable to Stored Cross-Site

CVE-2026-8048 - The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'su

CVE-2026-8040 - The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color'

CVE-2026-7614 - The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve

CVE-2026-6268 - The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eve

CVE-2026-9236 - The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress i

CVE-2026-6287 - The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin for WordPress is vulnerable to

CVE-2025-14481 - The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all version

CVE-2026-9022 - The Splide Carousel Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'url

CVE-2026-7493 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress

CVE-2026-6565 - The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor Patterns plugin for

CVE-2026-8174 - Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF). This issue

CVE-2018-25352 - WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulner