WordPress — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting WordPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WordPress operates as an open-source content management system powering a significant portion of the global web, primarily enabling users to create and manage websites without extensive coding knowledge. Its widespread adoption has made it a frequent target for attackers, resulting in thirty-two recorded Common Vulnerabilities and Exposures. Historically, the platform has been susceptible to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insecure plugin architectures or insufficient input validation. Security incidents frequently involve unauthorized administrative access or data exfiltration through exploited themes and extensions. While the core software undergoes rigorous review, the extensive ecosystem of third-party contributions introduces variability in security hygiene. Regular updates and strict adherence to security best practices are essential for mitigating risks associated with its complex, modular structure and high visibility in the digital landscape.

High · CVE-2026-11995 · 2026-06-19
CF7 to Webhook <= 5.0.0 - Unauthenticated Server-Side Request Forgery via CF7 Field Placeholder in Webhook URL Host
Medium · CVE-2025-11402 · 2026-06-19
Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute
Medium · CVE-2026-10093 · 2026-06-18
File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parame
Medium · CVE-2026-12115 · 2026-06-17
Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import
High · 2026-06-17
PHP Object Injection in WordPress Entrepreneur - Booking for Small Businesses WordPress Theme Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Gamic Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Snow Club Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Eventicity Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Granola Theme - Patchstack
Low · 2026-06-17
Broken Access Control in WordPress Metro Magazine Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Tipsy Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Quirky Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Orpheus Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Snowy Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Rosaleen Theme - Patchstack
High · 2026-06-17
Local File Inclusion in WordPress Grecko Theme - Patchstack
Medium · CVE-2026-9187 · 2026-06-17
Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Para
Medium · 2026-06-16
Cross Site Scripting (XSS) in WordPress Media Library Assistant Plugin - Patchstack
Medium · CVE-2026-10780 · 2026-06-16
Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure
Medium · CVE-2026-10738 · 2026-06-14
jQuery Hover Footnotes <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Sy

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with WordPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.