

Software

wordpress: 378
wordpress wordpress: 81
wordpress download manager: 8
wordpress church admin plugin: 6
wordpress content blocks (custom post widget): 4
wordpress elementsready addons for elementor: 4
wordpress ninja forms: 4
wordpress analytify: 3
wordpress arconix shortcodes: 3
wordpress bear plugin: 3
wordpress betheme: 3
wordpress better elementor addons: 3
wordpress buddyforms: 3
wordpress church admin: 3
wordpress contact form email: 3
wordpress link library: 3
wordpress seriously simple podcasting: 3
wordpress simple shopping cart: 3
wordpress survey maker: 3
wordpress accept stripe payments: 2
wordpress accordion slider: 2
wordpress advanced custom fields pro: 2
wordpress affiliate-toolkit: 2
wordpress ajax contact form: 2
wordpress arforms: 2
wordpress auto featured image: 2
wordpress auto prune posts: 2
wordpress automatic plugin: 2
wordpress ba book everything: 2
wordpress backup & migration plugin: 2
wordpress base64 encoder/decoder: 2
wordpress beaver builder plugin: 2
wordpress black widgets for elementor: 2
wordpress blix: 2
wordpress blockspare plugin: 2
wordpress bookingpress: 2
wordpress booster for woocommerce: 2
wordpress bp email assign templates: 2
wordpress bulk posts editing: 2
wordpress button contact vr: 2
wordpress charity addon for elementor: 2
wordpress classified listing – classified ads & business directory plugin: 2
wordpress clearfy cache: 2
wordpress colibri page builder: 2
wordpress comments extra fields for post, pages and cpt: 2
wordpress comments import & export: 2
wordpress community events: 2
wordpress comparison slider: 2
wordpress dethemekit for elementor: 2
wordpress e2pdf plugin: 2

WordPress General Options
General Options <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ad_contact_number' Parameter

Risk: 28
Severity: 4.4
First published (updated )

WordPress Sticky
Sticky <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'readmoretext' Shortcode Attribute

Risk: 39
Severity: 6.4
First published (updated )

WordPress LJ Comments Import: Reloaded
LJ comments import: reloaded <= 0.97.1 - Reflected Cross-Site Scripting via PHP_SELF Parameter

Risk: 27
Severity: 6.1
EPSS: 0.08%
First published (updated )

WordPress WordPress Picture Gallery
WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content URL

Risk: 39
Severity: 5.1
First published (updated )

WordPress Contact Form to Email
WordPress Contact Form to Email 1.3.24 Stored XSS

Risk: 39
Severity: 5.1
First published (updated )

WordPress International Sms For Contact Form 7 Integration
WordPress International Sms Contact Form 7 Integration 1.2 XSS

Risk: 38
Severity: 5.1
First published (updated )

WordPress Contact Form Builder
WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php

Risk: 38
Severity: 5.1
First published (updated )

WordPress Curtain (WordPress plugin)
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery

Risk: 45
Severity: 5.3
First published (updated )

WordPress Plugin Videos sync PDF
WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

Risk: 39
Severity: 5.1
First published (updated )

WordPress Charts Ninja
Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'chartid' Shortcode Attribute

Risk: 39
Severity: 6.4
First published (updated )

WordPress Google PageRank Display
Google PageRank Display <= 1.4 - Cross-Site Request Forgery to Settings Update via Settings Page

Risk: 16
Severity: 4.3
EPSS: 0.01%
First published (updated )

WordPress HTTP Headers
HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values

Risk: 39
Severity: 5.5
First published (updated )

WordPress Call To Action Plugin
Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update

Risk: 22
Severity: 4.3
First published (updated )

WordPress HTTP Headers
HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting

Risk: 28
Severity: 4.4
First published (updated )

WordPress Content Blocks (Custom Post Widget)
Content Blocks (Custom Post Widget) <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting via content_block Shortcode

Risk: 39
Severity: 6.4
First published (updated )

WordPress Magazine Blocks
WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability

Risk: 22
Severity: 4.3
First published (updated )

WordPress List View Google Calendar
List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description

Risk: 28
Severity: 4.4
First published (updated )

WordPress 12 Step Meeting List
WordPress 12 Step Meeting List plugin <= 3.19.9 - Sensitive Data Exposure vulnerability

Risk: 27
Severity: 5.3
First published (updated )

WordPress Conditional Menus
Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

Risk: 22
Severity: 4.3
First published (updated )

WordPress Shared Files
Shared Files < 1.7.58 - Contributor+ Arbitrary File Download

Risk: 37
Severity: 6.8
First published (updated )

WordPress Multi Post Carousel by Category
Multi Post Carousel by Category <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slides' Shortcode Attribute

Risk: 39
Severity: 6.4
First published (updated )

WordPress Multi Functional Flexi Lightbox
Multi Functional Flexi Lightbox <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via 'message' Parameter

Risk: 24
Severity: 5.5
EPSS: 0.03%
First published (updated )

WordPress Info Cards – Add Text and Media in Card Layouts
Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

Risk: 28
Severity: 6.4
EPSS: 0.05%
First published (updated )

WordPress Add Custom Fields to Media
Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter

Risk: 16
Severity: 4.3
EPSS: 0.02%
First published (updated )

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration
User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter

Risk: 27
Severity: 5.3
First published (updated )

WebGeniusLab BigHearts
WordPress BigHearts theme <= 3.1.14 - Broken Access Control vulnerability

Risk: 19
Severity: 5.3
EPSS: 0.04%
First published (updated )

Vowelweb VW Portfolio
WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability

Risk: 19
Severity: 5.3
EPSS: 0.04%
First published (updated )

WordPress VW Fitness
WordPress VW Fitness theme <= 4.3.4 - Broken Access Control vulnerability

Risk: 19
Severity: 5.3
EPSS: 0.04%
First published (updated )

WordPress Admin and Site Enhancements (ASE)
WordPress Admin and Site Enhancements (ASE) plugin <= 8.4.0 - Broken Access Control vulnerability

Risk: 25
Severity: 5.4
EPSS: 0.03%
First published (updated )

linethemes SmartFix
WordPress SmartFix theme < 1.2.4 - Broken Access Control vulnerability

Risk: 25
Severity: 5.4
EPSS: 0.03%
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203