260 new vulnerabilities

WordPress Vulnerability
Database

260 known vulnerabilities across plugins, themes and core. Updated daily from multiple sources.

260

Total vulns

Critical

High

167

Medium

Low

254

Plugins

Themes

Core

Closed plugins

260 results

Severity	Title	Type	Slug	CVE	Fixed in	Published
MEDIUM CVSS 6.4	The7 <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode '…	theme	`the7-website-and-ecommerce-builder-for-wordpress`	CVE-2026-6646	—	May 15, 2026
HIGH CVSS 8.1	EUVD-2026-30507 (CVE-2026-4094) — The FOX – Currency Switcher Professional for WooCommerc…	plugin		CVE-2026-4094	—	May 15, 2026
MEDIUM CVSS 6.4	EUVD-2026-30509 (CVE-2026-6646) — The The7 theme for WordPress is vulnerable to Stored Cr…	plugin		CVE-2026-6646	—	May 15, 2026
HIGH CVSS 7.5	Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection	plugin	`mongoose`	CVE-2026-42334	—	May 14, 2026
HIGH CVSS 7.5	EUVD-2026-30349 (CVE-2026-42334) — Mongoose is a MongoDB object modeling tool designed to…	plugin		CVE-2026-42334	—	May 14, 2026
HIGH CVSS 8.1	Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitra…	plugin	`database-backup-for-wordpress`	CVE-2026-4030	—	May 14, 2026
HIGH CVSS 7.5	Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Databas…	plugin	`database-backup-for-wordpress`	CVE-2026-4029	—	May 14, 2026
HIGH CVSS 7.5	Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Databas…	plugin	`database-backup-for-wordpress`	CVE-2026-4031	—	May 14, 2026
HIGH CVSS 7.5	CVE-2026-4031 — The Database Backup for WordPress plugin for WordPress is vulnerable to a…	plugin		CVE-2026-4031	—	May 14, 2026
HIGH CVSS 8.1	CVE-2026-4030 — The Database Backup for WordPress plugin for WordPress is vulnerable to u…	plugin		CVE-2026-4030	—	May 14, 2026
HIGH CVSS 7.5	CVE-2026-4029 — The Database Backup for WordPress plugin for WordPress is vulnerable to u…	plugin		CVE-2026-4029	—	May 14, 2026
HIGH CVSS 7.5	EUVD-2026-30272 (CVE-2026-4029) — The Database Backup for WordPress plugin for WordPress …	plugin		CVE-2026-4029	—	May 14, 2026
HIGH CVSS 8.1	EUVD-2026-30273 (CVE-2026-4030) — The Database Backup for WordPress plugin for WordPress …	plugin		CVE-2026-4030	—	May 14, 2026
HIGH CVSS 7.5	EUVD-2026-30274 (CVE-2026-4031) — The Database Backup for WordPress plugin for WordPress …	plugin		CVE-2026-4031	—	May 14, 2026
CRITICAL CVSS 9.1	EUVD-2026-30262 (CVE-2026-6512) — The InfusedWoo Pro plugin for WordPress is vulnerable t…	plugin		CVE-2026-6512	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30261 (CVE-2026-6504) — The Royal Elementor Addons and Templates plugin for Wor…	plugin		CVE-2026-6504	—	May 14, 2026
MEDIUM CVSS 5.3	EUVD-2026-30257 (CVE-2026-6145) — The User Registration & Membership plugin for WordPress…	plugin		CVE-2026-6145	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30259 (CVE-2026-6174) — The CC Child Pages plugin for WordPress is vulnerable t…	plugin		CVE-2026-6174	—	May 14, 2026
MEDIUM CVSS 5.3	EUVD-2026-30260 (CVE-2026-6206) — The MW WP Form plugin for WordPress is vulnerable to In…	plugin		CVE-2026-6206	—	May 14, 2026
HIGH CVSS 7.5	EUVD-2026-30263 (CVE-2026-6514) — The InfusedWoo Pro plugin for WordPress is vulnerable t…	plugin		CVE-2026-6514	—	May 14, 2026
CRITICAL CVSS 9.8	Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover	plugin	`burst-statistics-privacy-friendly-wordpress-analytics-google-analytics-alternative`	CVE-2026-8181	—	May 14, 2026
MEDIUM CVSS 6.5	EUVD-2026-30256 (CVE-2026-6670) — The Media Sync plugin for WordPress is vulnerable to Pa…	plugin		CVE-2026-6670	—	May 14, 2026
HIGH CVSS 7.2	EUVD-2026-30246 (CVE-2026-3718) — The ManageWP Worker plugin for WordPress is vulnerable …	plugin		CVE-2026-3718	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30252 (CVE-2026-6252) — The Meta Field Block plugin for WordPress is vulnerable…	plugin		CVE-2026-6252	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30244 (CVE-2026-3694) — The Bold Page Builder plugin for WordPress is vulnerabl…	plugin		CVE-2026-3694	—	May 14, 2026
HIGH CVSS 8.2	EUVD-2026-30250 (CVE-2026-5395) — The Fluent Forms – Customizable Contact Forms, Survey, …	plugin		CVE-2026-5395	—	May 14, 2026
HIGH CVSS 8.8	EUVD-2026-30254 (CVE-2026-6506) — The InfusedWoo Pro plugin for WordPress is vulnerable t…	plugin		CVE-2026-6506	—	May 14, 2026
MEDIUM CVSS 4.3	EUVD-2026-30249 (CVE-2026-5365) — The LatePoint plugin for WordPress is vulnerable to Cro…	plugin		CVE-2026-5365	—	May 14, 2026
MEDIUM CVSS 6.5	EUVD-2026-30248 (CVE-2026-5193) — The Essential Addons for Elementor – Popular Elementor …	plugin		CVE-2026-5193	—	May 14, 2026
HIGH CVSS 8.1	EUVD-2026-30247 (CVE-2026-3892) — The Motors – Car Dealership & Classified Listings Plugi…	plugin		CVE-2026-3892	—	May 14, 2026
MEDIUM CVSS 6.5	EUVD-2026-30251 (CVE-2026-6225) — The Taskbuilder – Project Management & Task Management …	plugin		CVE-2026-6225	—	May 14, 2026
CRITICAL CVSS 9.8	EUVD-2026-30255 (CVE-2026-6510) — The InfusedWoo Pro plugin for WordPress is vulnerable t…	plugin		CVE-2026-6510	—	May 14, 2026
CRITICAL CVSS 9.8	EUVD-2026-30253 (CVE-2026-6271) — The Career Section plugin for WordPress is vulnerable t…	plugin		CVE-2026-6271	—	May 14, 2026
MEDIUM CVSS 6.1	EUVD-2025-209837 (CVE-2025-15345) — The MapGeo – Interactive Geo Maps plugin for WordPres…	plugin		CVE-2025-15345	—	May 14, 2026
MEDIUM CVSS 5.4	EUVD-2026-30228 (CVE-2026-3829) — The WP Encryption – One Click Free SSL Certificate & SS…	plugin		CVE-2026-3829	—	May 14, 2026
CRITICAL CVSS 9.8	EUVD-2026-30242 (CVE-2026-8181) — The Burst Statistics – Privacy-Friendly WordPress Analy…	plugin		CVE-2026-8181	—	May 14, 2026
HIGH CVSS 8.2	EUVD-2026-30232 (CVE-2026-5396) — The Fluent Forms plugin for WordPress is vulnerable to …	plugin		CVE-2026-5396	—	May 14, 2026
MEDIUM CVSS 6.1	EUVD-2026-30236 (CVE-2026-6417) — The GLS Shipping for WooCommerce plugin for WordPress i…	plugin		CVE-2026-6417	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30231 (CVE-2026-5243) — The The Plus Addons for Elementor – Addons for Elemento…	plugin		CVE-2026-5243	—	May 14, 2026
MEDIUM CVSS 4.3	LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authentic…	plugin	`learnpress-wordpress-lms-plugin-for-create-and-sell-online-courses`	CVE-2026-7648	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30215 (CVE-2026-5361) — The Envira Gallery Lite plugin for WordPress is vulnera…	plugin		CVE-2026-5361	—	May 14, 2026
MEDIUM CVSS 4.3	EUVD-2026-30218 (CVE-2026-7648) — The LearnPress – WordPress LMS Plugin for Create and Se…	plugin		CVE-2026-7648	—	May 14, 2026
MEDIUM CVSS 4.3	EUVD-2026-30217 (CVE-2026-7525) — The My Calendar – Accessible Event Manager plugin for W…	plugin		CVE-2026-7525	—	May 14, 2026
MEDIUM CVSS 6.5	EUVD-2026-30214 (CVE-2026-5486) — The Unlimited Elements for Elementor plugin for WordPre…	plugin		CVE-2026-5486	—	May 14, 2026
MEDIUM CVSS 6.8	WordPress Plugin ultimate-member 2.1.3 Local File Inclusion	plugin	`ultimate-member`	CVE-2020-37169	—	May 13, 2026
MEDIUM CVSS 5.5	CVE-2020-37169 — WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion v…	plugin		CVE-2020-37169	—	May 13, 2026
MEDIUM CVSS 6.8	EUVD-2020-31216 (CVE-2020-37169) — WordPress Plugin ultimate-member 2.1.3 contains a loca…	plugin		CVE-2020-37169	—	May 13, 2026
MEDIUM CVSS 4.3	EUVD-2026-29952 (CVE-2026-4607) — The ProfileGrid – User Profiles, Groups and Communities…	plugin		CVE-2026-4607	—	May 13, 2026
HIGH CVSS 7.1	EUVD-2026-29954 (CVE-2026-4609) — The ProfileGrid – User Profiles, Groups and Communities…	plugin		CVE-2026-4609	—	May 13, 2026
MEDIUM CVSS 6.5	EUVD-2026-29953 (CVE-2026-4608) — The ProfileGrid – User Profiles, Groups and Communities…	plugin		CVE-2026-4608	—	May 13, 2026

…

WordPress VulnerabilityDatabase

WordPress Vulnerability
Database