CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Wordfence Blog•added last week•11 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 18, 2026 to May 24, 2026)

Last week, there were 101 vulnerabilities disclosed in 88 WordPress Plugins and 1 WordPress Theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 69 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

6.1AI score

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43543

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvca carousel and lvca posts carousel shortcode attributes in all versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. Specifically,...

6.4CVSS6AI score0.00032EPSS

Exploits0References4

CNNVD•added 2026/05/27 12:0 a.m.•3 views

WordPress plugin ElementsKit Elementor addons Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

5.3CVSS5.8AI score0.00037EPSS

Cvelist•added 2026/05/18 6:0 a.m.•34 views

CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

0.00016EPSS

CNNVD•added 2026/05/18 12:0 a.m.•6 views

WordPress多款产品跨站脚本漏洞

8.8CVSS5.7AI score0.00016EPSS

Positive Technologies•added 2026/05/14 12:0 a.m.•4 views

PT-2026-41125

Name of the Vulnerable Software and Affected Versions eMagicOne Store Manager versions prior to 1.3.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data...

9.3CVSS5.9AI score0.00039EPSS

Exploits0References5

CNNVD•added 2026/05/14 12:0 a.m.•4 views

WordPress plugin InfusedWoo Pro 安全漏洞

9.8CVSS5.8AI score0.00222EPSS

Patchstack•added 2026/05/04 2:2 p.m.•2 views

WordPress Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin <= 4.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Post Expirator versions = 4.10.0...

5.5CVSS5.8AI score0.00036EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/01 5:29 a.m.•25 views

CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

6.1CVSS0.00135EPSS

CVE•added 2026/05/01 5:29 a.m.•5 views

CVE-2024-13362

CVE-2024-13362 concerns Freemius versions <= 2.10.1 used in multiple WordPress plugins/themes. The flaw is a reflected DOM-based XSS via the url parameter , caused by insufficient input sanitization and output escaping. Consequences: unauthenticated attackers could cause a user to execute arbi...

6.1CVSS5.5AI score0.00135EPSS

EUVD•added 2026/05/01 5:29 a.m.•1 views

EUVD-2024-55564

6.1CVSS5.5AI score0.00135EPSS

Vulnrichment•added 2026/05/01 5:29 a.m.•1 views

CVE-2024-13362 Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

6.1CVSS6AI score0.00135EPSS

Wordfence Blog•added 2026/04/23 3:44 p.m.•4 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)

Last week, there were 139 vulnerabilities disclosed in 118 WordPress Plugins and 10 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6AI score

RedhatCVE•added 2026/04/22 1:22 a.m.•2 views

CVE-2026-6443

All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in all of the plugin's they acquired. This makes it possible for the threat actor to maintain a...

9.8CVSS5.8AI score0.00023EPSS

CNNVD•added 2026/04/21 12:0 a.m.•4 views

WordPress plugin Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider 代码问题漏洞

7.2CVSS5.9AI score0.00063EPSS

Exploits0References2

EUVD•added 2026/04/17 6:31 a.m.•2 views

EUVD-2026-23354

The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insufficient input validation on the fileName parameter in the file upload handler. The plugin sanitizes...

4.9CVSS5.5AI score0.00027EPSS

Exploits0References9

ATTACKERKB•added 2026/04/17 3:36 a.m.•1 views

CVE-2026-4853

4.9CVSS5.5AI score0.00027EPSS

Exploits0References9

CNNVD•added 2026/04/15 12:0 a.m.•3 views

WordPress plugin Tutor LMS 安全漏洞

5.4CVSS5.8AI score0.00046EPSS

Packet Storm News•added 2026/04/13 12:0 a.m.•2 views

WPProbe Plugin Enumeration Tool 0.11.8

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

5.8AI score