Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how wordpress compares to other vendors in security performance

View Risk Score →

Software

wordpress
26
wordpress academy lms plugin
1
wordpress admin and site enhancements (ase)
1
wordpress ai chatbot
1
wordpress all-in-one security
1
wordpress ar for wordpress
1
wordpress button contact vr
1
wordpress button generator
1
wordpress cardealer plugin
1
wordpress cgc maintenance mode
1
wordpress coming soon and maintenance mode plugin
1
wordpress compress & upload
1
wordpress email encoder (wordpress plugin)
1
wordpress essential addons for elementor
1
wordpress event espresso 4 decaf
1
wordpress floating chat widget
1
wordpress hide login page plugin
1
wordpress lws hide login
1
wordpress maintenance mode
1
wordpress oneclick chat to order
1
wordpress paid memberships pro
1
wordpress password protected
1
wordpress pay-with-tweet
1
wordpress rank math seo plugin
1
wordpress tag, category, and taxonomy manager
1
wordpress twitterposts
1
wordpress ultimate dashboard
1
wordpress woocommerce plugin
1
wordpress wordpress
1
wordpress wordpress manutenção
1
wordpress wp favorite posts
1
wordpress wp maintenance plugin
1
wordpress wp-advanced-search
1
wordpress wpdirectorykit
1
wordpress wps hide login
1

WordPress Email Encoder (WordPress plugin)Email Encoder < 2.3.4 - Admin+ Stored XSS

Risk 24
Severity
3.5
First published (updated )
CVE-2024-7083

WordPress OneClick Chat to OrderOneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update

Risk 16
Severity
2.7
First published (updated )
CVE-2025-14270

WordPress Admin and Site Enhancements (ASE)WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability

Risk 16
Severity
2.7
First published (updated )
CVE-2025-64255

WPDeveloper Essential Addons for ElementorWordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability

Risk 16
Severity
2.7
First published (updated )
CVE-2025-64352

Rank Math SEOWordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability

Risk 26
Severity
3.8
First published (updated )
CVE-2025-64350
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

WordPress Password ProtectedPassword Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing

Risk 20
Severity
3.7
First published (updated )
CVE-2025-11244

WordPress AI ChatBotWPBOT < 7.1.0 - Admin+ Stored XSS

Risk 18
Severity
3.5
EPSS
0.05%
First published (updated )
CVE-2025-9111

WordPress Compress & UploadCompress Then Upload < 1.0.5 - Admin+ Arbitrary File Upload

Risk 20
Severity
3.8
EPSS
0.04%
First published (updated )
CVE-2025-8889

WordPress WordPressWordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via p…

Risk 20
Severity
3.7
First published (updated )
CVE-2025-54352

WordPress TwitterPostsTwitterPosts <= 1.0.2 - Settings Update via CSRF

Risk 24
Severity
3.5
First published (updated )
CVE-2023-7297
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

WordPress Tag, Category, and Taxonomy ManagerAI Autotagger < 3.30.0 - Admin+ Stored XSS

Risk 24
Severity
3.5
First published (updated )
CVE-2025-0627

WordPress Smart Maintenance ModeSmart Maintenance Mode < 1.5.2 - Admin+ Stored XSS

Risk 24
Severity
3.5
First published (updated )
CVE-2024-12683

WordPress FavoritesFavorites < 2.3.5 - Admin+ Stored XSS

Risk 24
Severity
3.5
First published (updated )
CVE-2025-1452

WordPress WP-Advanced-SearchWP-Advanced-Search < 3.3.9.3 - Admin+ Stored XSS

Risk 24
Severity
3.5
First published (updated )
CVE-2024-10554

NextGen GalleryNextGEN Gallery < 3.59.9 - Admin+ Stored XSS

Risk 24
Severity
3.5
First published (updated )
CVE-2024-10545
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

WordPress Paid Memberships ProXSS

Risk 24
Severity
3.5
First published (updated )
CVE-2024-13121

WordPress AR for WordPressAR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload

Risk 20
Severity
3.7
First published (updated )
CVE-2024-12300

wpdirectorykit Wp Directory Kit WordpressWordPress WPDirectoryKit plugin <= 1.3.6 - HTML Injection vulnerability

Risk 16
Severity
2.7
First published (updated )
CVE-2024-37253

Automattic WooCommerceWordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability

Risk 24
Severity
3.5
First published (updated )
CVE-2024-35777

Kodezen Limited Academy LMSWordPress Academy LMS plugin <= 2.0.4 - Open Redirection vulnerability

Risk 19
Severity
3.5
First published (updated )
CVE-2024-37234
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

All In One WP Security & Firewall Team All In One WP Security & FirewallWordPress All-In-One Security (AIOS) plugin <= 5.2.4 - Secret Login Page Location Disclosure on Multisites vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2023-52147

David Vongries Ultimate DashboardWordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2023-49822

Wpserveur WPS Hide LoginWordPress WPS Hide Login plugin <= 1.9.11 - Secret Login Page Location Disclosure on Multisites vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2023-49748

WpDevArt Coming soon and Maintenance modeWordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2023-49741

Webcraftic Hide login pageWordPress Hide login page plugin <= 1.1.9 - Secret Login Page Location Disclosure on Multisites vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2023-48335
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

LWS Hide LoginWordPress LWS Hide Login plugin <= 2.1.8 - Secret Login Page Location Disclosure on Multisites vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2023-47818

WP Maintenance WP MaintenanceWordPress WP Maintenance plugin <= 6.1.3 - IP Filtering Bypass vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2023-47769

Event Espresso Event Espresso 4 DecafWordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2023-27437

WordPress Button contact VRButton contact VR <= 4.7 - Admin+ Stored XSS

Risk 24
Severity
3.5
First published (updated )
CVE-2024-2220

Helderk Maintenance ModeWordPress Maintenance Mode plugin <= 3.0.1 - IP Bypass vulnerability

Risk 20
Severity
3.7
First published (updated )
CVE-2024-32708
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203