Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how wordpress compares to other vendors in security performance

View Risk Score →

Software

wordpress
36
wordpress wplms plugin
8
wordpress wordpress
5
wordpress elementor
3
wordpress file upload
3
wordpress ninja forms
3
wordpress unlimited elements for elementor
3
wordpress wp pipes
3
wordpress xstore core
3
wordpress ai engine plugin
2
wordpress automatic
2
wordpress build app online plugin
2
wordpress church admin plugin
2
wordpress contact form 7
2
wordpress crm perks forms
2
wordpress defender security
2
wordpress eventin
2
wordpress front end users
2
wordpress instawp connect
2
wordpress js help desk
2
wordpress js help desk plugin
2
wordpress js job manager plugin
2
wordpress makeaholic theme
2
wordpress moveto plugin
2
wordpress podlove podcast publisher
2
wordpress popup by supsystic
2
wordpress realhomes
2
wordpress s2member plugin
2
wordpress sms alert order notifications – woocommerce
2
wordpress sunshine photo cart
2
wordpress wechat social login plugin
2
wordpress woffice
2
wordpress woocommerce pdf vouchers
2
wordpress wp job portal
2
wordpress wp mailster
2
wordpress wpforms
2
wordpress activecampaign plugin
1
wordpress activedemand plugin
1
wordpress activity link preview for buddypress
1
wordpress addons & fields for woocommerce
1
wordpress adirectory
1
wordpress advanced custom fields
1
wordpress advanced custom fields pro
1
wordpress advanced file manager
1
wordpress advanced linked variations for woocommerce
1
wordpress advanced settings plugin
1
wordpress affiliate links: wordpress plugin for link cloaking and link management
1
wordpress ai engine
1
wordpress all in one login
1
wordpress altair theme
1

WordPress WP Attractive Donations System - Easy Stripe & Paypal donationsWordPress WP Attractive Donations System - Easy Stripe & Paypal donations plugin <= 1.25 - SQL Injection vulnerability

Risk 43
Severity
9.3
EPSS
0.03%
First published (updated )
CVE-2026-28115

ThemeREX Good EnergyWordPress Good Energy theme <= 1.7.7 - PHP Object Injection vulnerability

Risk 61
Severity
9.8
EPSS
0.04%
First published (updated )
CVE-2026-28105

ThemeREX Tennis ClubWordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability

Risk 61
Severity
9.8
EPSS
0.02%
First published (updated )
CVE-2026-27437

WordPress Pets ClubWordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2026-22453

ThemeREX SolarisWordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2026-22454
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

ThemeREX ClassterWordPress Classter theme <= 2.5 - PHP Object Injection vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-54001

Jthemes PrestigeWordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-69329

WordPress Nestbyte CoreWordPress Nestbyte Core plugin <= 1.2 - SQL Injection vulnerability

Risk 61
Severity
9.3
First published (updated )
CVE-2025-69308

ThemeGoods PhotoMeWordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-69301

LoftOcean PatioTimeWordPress PatioTime theme < 2.1 - PHP Object Injection vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-67995
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

WordPress Slider FutureSlider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload

Risk 86
Severity
9.8
First published (updated )
CVE-2026-1405

WordPress WordPress Xpro Elementor AddonsWordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Arbitrary File Upload vulnerability

Risk 72
Severity
9.1
First published (updated )
CVE-2025-69312

blazethemes BlogisticWordPress Blogistic theme <= 1.0.5 - Arbitrary File Upload vulnerability

Risk 82
Severity
9.9
First published (updated )
CVE-2025-68909

Farost EnergiaWordPress Energia theme <= 1.1.2 - Arbitrary File Upload vulnerability

Risk 86
Severity
10
First published (updated )
CVE-2025-50002

npm/modular-dsWordPress Modular DS plugin <= 2.5.2 - Privilege Escalation vulnerability

Risk 61
Severity
10
EPSS
0.02%
First published (updated )
CVE-2026-23800
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

WordPress Automotive ListingsWordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability

Risk 61
Severity
9.3
First published (updated )
CVE-2025-67928

Zozothemes CorpkitWordPress Corpkit theme <= 2.0 - Arbitrary File Upload vulnerability

Risk 82
Severity
9.9
First published (updated )
CVE-2025-67924

WordPress Mobile BuilderWordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-68860

StylemixThemes MotorsWordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerability

Risk 82
Severity
9.9
First published (updated )
CVE-2025-64374

BoldThemes CodiqaWordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-64233
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

PenciDesign SoledadWordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-64188

AncoraThemes EasyEatWordPress EasyEat theme <= 1.9.0 - Local File Inclusion vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-53433

WordPress Tiger themeTiger <= 101.2.1 - Unauthenticated Privilege Escalation

Risk 86
Severity
9.8
First published (updated )
CVE-2025-13675

KingAddons.com King Addons for ElementorWordPress King Addons for Elementor plugin <= 51.1.36 - Privilege Escalation vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-6325

Rometheme RTMKitWordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability

Risk 82
Severity
9.9
First published (updated )
CVE-2025-62065
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Elated Themes Search & GoWordPress Search & Go theme <= 2.7 - Broken Authentication vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-62064

WordPress Case AddonsWordPress Case Addons plugin < 1.3.0 - Arbitrary File Upload vulnerability

Risk 82
Severity
9.9
First published (updated )
CVE-2025-62047

WordPress WP User ManagerWordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-60245

Holest Engineering Selling Commander for WooCommerceWordPress Selling Commander for WooCommerce plugin <= 1.2.46 - Privilege Escalation vulnerability

Risk 86
Severity
9.8
First published (updated )
CVE-2025-60243

addify Custom User Registration Fields for WooCommerceWordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability

Risk 87
Severity
10
First published (updated )
CVE-2025-60207
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203