269 new vulnerabilities

WordPress Vulnerability
Database

269 known vulnerabilities across plugins, themes and core. Updated daily from multiple sources.

269

Total vulns

Critical

High

173

Medium

Low

263

Plugins

Themes

Core

Closed plugins

269 results

Severity	Title	Type	Slug	CVE	Fixed in	Published
MEDIUM CVSS 4.9	NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - Authenticated (Administrator+…	plugin	`nex-forms-ultimate-forms-plugin-for-wordpress`	CVE-2026-7046	—	May 15, 2026
MEDIUM CVSS 6.4	The7 <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode '…	theme	`the7-website-and-ecommerce-builder-for-wordpress`	CVE-2026-6646	—	May 15, 2026
MEDIUM CVSS 4.3	EUVD-2026-30519 (CVE-2026-7563) — The Classified Listing – AI-Powered Classified ads & Bu…	plugin		CVE-2026-7563	—	May 15, 2026
MEDIUM CVSS 4.3	EUVD-2026-30520 (CVE-2026-8425) — The Notify Odoo plugin for WordPress is vulnerable to C…	plugin		CVE-2026-8425	—	May 15, 2026
HIGH CVSS 7.5	EUVD-2026-30517 (CVE-2026-6403) — The Quick Playground plugin for WordPress is vulnerable…	plugin		CVE-2026-6403	—	May 15, 2026
MEDIUM CVSS 6.4	EUVD-2026-30521 (CVE-2026-6415) — The Advanced Custom Fields: Font Awesome plugin for Wor…	plugin		CVE-2026-6415	—	May 15, 2026
MEDIUM CVSS 4.9	EUVD-2026-30518 (CVE-2026-7046) — The NEX-Forms – Ultimate Forms Plugin for WordPress plu…	plugin		CVE-2026-7046	—	May 15, 2026
MEDIUM CVSS 6.5	EUVD-2026-30515 (CVE-2026-4683) — The Smartcat Translator for WPML plugin for WordPress i…	plugin		CVE-2026-4683	—	May 15, 2026
HIGH CVSS 8.8	EUVD-2026-30513 (CVE-2026-6228) — The Frontend Admin by DynamiApps plugin for WordPress i…	plugin		CVE-2026-6228	—	May 15, 2026
CRITICAL CVSS 9.8	EUVD-2026-30516 (CVE-2026-5229) — The Form Notify plugin for WordPress is vulnerable to A…	plugin		CVE-2026-5229	—	May 15, 2026
HIGH CVSS 8.1	EUVD-2026-30507 (CVE-2026-4094) — The FOX – Currency Switcher Professional for WooCommerc…	plugin		CVE-2026-4094	—	May 15, 2026
MEDIUM CVSS 6.4	EUVD-2026-30509 (CVE-2026-6646) — The The7 theme for WordPress is vulnerable to Stored Cr…	plugin		CVE-2026-6646	—	May 15, 2026
HIGH CVSS 7.5	Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection	plugin	`mongoose`	CVE-2026-42334	—	May 14, 2026
HIGH CVSS 7.5	EUVD-2026-30349 (CVE-2026-42334) — Mongoose is a MongoDB object modeling tool designed to…	plugin		CVE-2026-42334	—	May 14, 2026
HIGH CVSS 8.1	Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitra…	plugin	`database-backup-for-wordpress`	CVE-2026-4030	—	May 14, 2026
HIGH CVSS 7.5	Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Databas…	plugin	`database-backup-for-wordpress`	CVE-2026-4029	—	May 14, 2026
HIGH CVSS 7.5	Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Databas…	plugin	`database-backup-for-wordpress`	CVE-2026-4031	—	May 14, 2026
HIGH CVSS 7.5	CVE-2026-4031 — The Database Backup for WordPress plugin for WordPress is vulnerable to a…	plugin		CVE-2026-4031	—	May 14, 2026
HIGH CVSS 8.1	CVE-2026-4030 — The Database Backup for WordPress plugin for WordPress is vulnerable to u…	plugin		CVE-2026-4030	—	May 14, 2026
HIGH CVSS 7.5	CVE-2026-4029 — The Database Backup for WordPress plugin for WordPress is vulnerable to u…	plugin		CVE-2026-4029	—	May 14, 2026
HIGH CVSS 7.5	EUVD-2026-30272 (CVE-2026-4029) — The Database Backup for WordPress plugin for WordPress …	plugin		CVE-2026-4029	—	May 14, 2026
HIGH CVSS 8.1	EUVD-2026-30273 (CVE-2026-4030) — The Database Backup for WordPress plugin for WordPress …	plugin		CVE-2026-4030	—	May 14, 2026
HIGH CVSS 7.5	EUVD-2026-30274 (CVE-2026-4031) — The Database Backup for WordPress plugin for WordPress …	plugin		CVE-2026-4031	—	May 14, 2026
CRITICAL CVSS 9.1	EUVD-2026-30262 (CVE-2026-6512) — The InfusedWoo Pro plugin for WordPress is vulnerable t…	plugin		CVE-2026-6512	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30261 (CVE-2026-6504) — The Royal Elementor Addons and Templates plugin for Wor…	plugin		CVE-2026-6504	—	May 14, 2026
MEDIUM CVSS 5.3	EUVD-2026-30257 (CVE-2026-6145) — The User Registration & Membership plugin for WordPress…	plugin		CVE-2026-6145	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30259 (CVE-2026-6174) — The CC Child Pages plugin for WordPress is vulnerable t…	plugin		CVE-2026-6174	—	May 14, 2026
MEDIUM CVSS 5.3	EUVD-2026-30260 (CVE-2026-6206) — The MW WP Form plugin for WordPress is vulnerable to In…	plugin		CVE-2026-6206	—	May 14, 2026
HIGH CVSS 7.5	EUVD-2026-30263 (CVE-2026-6514) — The InfusedWoo Pro plugin for WordPress is vulnerable t…	plugin		CVE-2026-6514	—	May 14, 2026
CRITICAL CVSS 9.8	Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover	plugin	`burst-statistics-privacy-friendly-wordpress-analytics-google-analytics-alternative`	CVE-2026-8181	—	May 14, 2026
MEDIUM CVSS 6.5	EUVD-2026-30256 (CVE-2026-6670) — The Media Sync plugin for WordPress is vulnerable to Pa…	plugin		CVE-2026-6670	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30252 (CVE-2026-6252) — The Meta Field Block plugin for WordPress is vulnerable…	plugin		CVE-2026-6252	—	May 14, 2026
HIGH CVSS 7.2	EUVD-2026-30246 (CVE-2026-3718) — The ManageWP Worker plugin for WordPress is vulnerable …	plugin		CVE-2026-3718	—	May 14, 2026
HIGH CVSS 8.2	EUVD-2026-30250 (CVE-2026-5395) — The Fluent Forms – Customizable Contact Forms, Survey, …	plugin		CVE-2026-5395	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30244 (CVE-2026-3694) — The Bold Page Builder plugin for WordPress is vulnerabl…	plugin		CVE-2026-3694	—	May 14, 2026
MEDIUM CVSS 4.3	EUVD-2026-30249 (CVE-2026-5365) — The LatePoint plugin for WordPress is vulnerable to Cro…	plugin		CVE-2026-5365	—	May 14, 2026
HIGH CVSS 8.8	EUVD-2026-30254 (CVE-2026-6506) — The InfusedWoo Pro plugin for WordPress is vulnerable t…	plugin		CVE-2026-6506	—	May 14, 2026
MEDIUM CVSS 6.5	EUVD-2026-30248 (CVE-2026-5193) — The Essential Addons for Elementor – Popular Elementor …	plugin		CVE-2026-5193	—	May 14, 2026
HIGH CVSS 8.1	EUVD-2026-30247 (CVE-2026-3892) — The Motors – Car Dealership & Classified Listings Plugi…	plugin		CVE-2026-3892	—	May 14, 2026
MEDIUM CVSS 6.5	EUVD-2026-30251 (CVE-2026-6225) — The Taskbuilder – Project Management & Task Management …	plugin		CVE-2026-6225	—	May 14, 2026
CRITICAL CVSS 9.8	EUVD-2026-30255 (CVE-2026-6510) — The InfusedWoo Pro plugin for WordPress is vulnerable t…	plugin		CVE-2026-6510	—	May 14, 2026
CRITICAL CVSS 9.8	EUVD-2026-30253 (CVE-2026-6271) — The Career Section plugin for WordPress is vulnerable t…	plugin		CVE-2026-6271	—	May 14, 2026
MEDIUM CVSS 6.1	EUVD-2025-209837 (CVE-2025-15345) — The MapGeo – Interactive Geo Maps plugin for WordPres…	plugin		CVE-2025-15345	—	May 14, 2026
MEDIUM CVSS 5.4	EUVD-2026-30228 (CVE-2026-3829) — The WP Encryption – One Click Free SSL Certificate & SS…	plugin		CVE-2026-3829	—	May 14, 2026
CRITICAL CVSS 9.8	EUVD-2026-30242 (CVE-2026-8181) — The Burst Statistics – Privacy-Friendly WordPress Analy…	plugin		CVE-2026-8181	—	May 14, 2026
MEDIUM CVSS 6.1	EUVD-2026-30236 (CVE-2026-6417) — The GLS Shipping for WooCommerce plugin for WordPress i…	plugin		CVE-2026-6417	—	May 14, 2026
HIGH CVSS 8.2	EUVD-2026-30232 (CVE-2026-5396) — The Fluent Forms plugin for WordPress is vulnerable to …	plugin		CVE-2026-5396	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30231 (CVE-2026-5243) — The The Plus Addons for Elementor – Addons for Elemento…	plugin		CVE-2026-5243	—	May 14, 2026
MEDIUM CVSS 4.3	LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authentic…	plugin	`learnpress-wordpress-lms-plugin-for-create-and-sell-online-courses`	CVE-2026-7648	—	May 14, 2026
MEDIUM CVSS 6.4	EUVD-2026-30215 (CVE-2026-5361) — The Envira Gallery Lite plugin for WordPress is vulnera…	plugin		CVE-2026-5361	—	May 14, 2026

…

WordPress VulnerabilityDatabase

WordPress Vulnerability
Database