Software

WordPress General Options | General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter

Risk 28
Severity 4.4
First published (updated )

WordPress Sticky | Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute

Risk 39
Severity 6.4
First published (updated )

WordPress LJ Comments Import: Reloaded | LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter

Risk 27
Severity 6.1
EPSS 0.08%
First published (updated )

BleepingComputer | Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

First published (updated )

WordPress WordPress Picture Gallery | WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL

Risk 39
Severity 5.1
First published (updated )

WordPress Contact Form to Email | WordPress Contact Form to Email 1.3.24 Stored XSS

Risk 39
Severity 5.1
First published (updated )

WordPress International Sms For Contact Form 7 Integration | WordPress International Sms Contact Form 7 Integration 1.2 XSS

Risk 38
Severity 5.1
First published (updated )

WordPress Contact Form Builder | WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php

Risk 38
Severity 5.1
First published (updated )

WordPress Curtain (WordPress plugin) | WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery

Risk 45
Severity 5.3
First published (updated )

WordPress Plugin Videos sync PDF | WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

Risk 39
Severity 5.1
First published (updated )

WordPress Charts Ninja | Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'chartid' Shortcode Attribute

Risk 39
Severity 6.4
First published (updated )

WordPress Google PageRank Display | Google PageRank Display <= 1.4 - Cross-Site Request Forgery to Settings Update via Settings Page

Risk 16
Severity 4.3
EPSS 0.01%
First published (updated )

WordPress HTTP Headers | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values

Risk 39
Severity 5.5
First published (updated )

WordPress Call To Action Plugin | Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update

Risk 22
Severity 4.3
First published (updated )

WordPress HTTP Headers | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting

Risk 28
Severity 4.4
First published (updated )

WordPress Email Encoder (WordPress plugin) | Email Encoder < 2.3.4 - Admin+ Stored XSS

Risk 24
Severity 3.5
First published (updated )

WordPress Content Blocks (Custom Post Widget) | Content Blocks (Custom Post Widget) <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting via content_block Shortcode

Risk 39
Severity 6.4
First published (updated )

WordPress Drag and Drop Multiple File Upload for Contact Form 7 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.6 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass

Risk 54
Severity 8.1
EPSS 0.16%
First published (updated )

WordPress Magazine Blocks | WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability

Risk 22
Severity 4.3
First published (updated )

WordPress List View Google Calendar | List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description

Risk 28
Severity 4.4
First published (updated )

WordPress 12 Step Meeting List | WordPress 12 Step Meeting List plugin <= 3.19.9 - Sensitive Data Exposure vulnerability

Risk 27
Severity 5.3
First published (updated )

WordPress Webmention | Webmention <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery

Risk 44
Severity 7.2
First published (updated )

WordPress Conditional Menus | Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

Risk 22
Severity 4.3
First published (updated )

WordPress Shared Files | Shared Files < 1.7.58 - Contributor+ Arbitrary File Download

Risk 37
Severity 6.8
First published (updated )

WordPress Import and export users and customers | Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields

Risk 54
Severity 8.1
EPSS 0.06%
First published (updated )

WordPress Multi Post Carousel by Category | Multi Post Carousel by Category <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute

Risk 39
Severity 6.4
First published (updated )

WordPress Multi Functional Flexi Lightbox | Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter

Risk 24
Severity 5.5
EPSS 0.03%
First published (updated )

WordPress Info Cards – Add Text and Media in Card Layouts | Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

Risk 28
Severity 6.4
EPSS 0.05%
First published (updated )

WordPress Add Custom Fields to Media | Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter

Risk 16
Severity 4.3
EPSS 0.02%
First published (updated )

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter

Risk 27
Severity 5.3
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203