WordPress

Vendor security scorecard – 4201 CVEs in the selected period

Risk score: 8809
CVEs: 4201
Critical: 281
High: 860
KEV: 0
PoC: 317
Unpatched C/H: 1079
Patch rate: 4.3%
Avg EPSS: 0.4%

Severity Breakdown

CRITICAL: 281
HIGH: 860
MEDIUM: 2677
LOW: 41

Monthly CVE Trend

Top Risky CVEs

Each entry lists: CVE | Severity | CVSS | EPSS | Priority | Signals, followed by the summary.

CVE-2020-36847 | CRITICAL | CVSS 9.8 | EPSS 86.1% | Priority 155 | Signals: PoC
Summary: The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulnerability. Attackers can upload PHP files disguised with image extensions and then rename them back to .php using the plugin's built-in rename functionality, bypassing all upload restrictions.

CVE-2025-2563 | HIGH | CVSS 8.1 | EPSS 83.9% | Priority 144 | Signals: PoC, No patch
Summary: The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their own account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls.

CVE-2025-34077 | CRITICAL | CVSS 10.0 | EPSS 72.4% | Priority 142 | Signals: PoC, No patch
Summary: The Pie Register WordPress plugin versions up to 3.7.1.4 contain an authentication bypass that allows unauthenticated attackers to log in as any user, including administrators. By submitting a crafted POST request with social_site=true and a target user_id_social_site value, attackers generate valid WordPress sessions for arbitrary accounts.

CVE-2020-36849 | CRITICAL | CVSS 9.8 | EPSS 72.2% | Priority 141 | Signals: PoC, No patch
Summary: The AIT CSV Import/Export WordPress plugin through version 3.0.3 allows unauthorized arbitrary file uploads without file type validation. The upload handler in upload-handler.php is accessible without authentication, enabling remote attackers to deploy PHP webshells and achieve code execution on the WordPress server.

CVE-2025-7441 | CRITICAL | CVSS 9.8 | EPSS 69.7% | Priority 139 | Signals: PoC, No patch
Summary: The StoryChief WordPress plugin through version 1.0.42 contains an unauthenticated arbitrary file upload via the /wp-json/storychief/webhook REST API endpoint. Insufficient file type validation allows attackers to upload executable PHP files, achieving remote code execution on the WordPress server.

CVE-2025-13486 | CRITICAL | CVSS 9.8 | EPSS 75.3% | Priority 124 | Signals: No patch
Summary: The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to remote code execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. The function accepts user input and passes it to call_user_func_array(), which makes it possible for unauthenticated attackers to execute arbitrary code on the server; this can be leveraged to inject backdoors or create new administrative user accounts.

CVE-2020-36848 | HIGH | CVSS 7.5 | EPSS 56.2% | Priority 114 | Signals: PoC
Summary: The Total Upkeep WordPress backup plugin through version 1.14.9 exposes backup file locations via env-info.php and restore-info.json. Unauthenticated attackers can discover and download complete site backups containing the database, wp-config.php with credentials, and all uploaded files.

CVE-2025-2011 | HIGH | CVSS 7.5 | EPSS 52.4% | Priority 110 | Signals: PoC, No patch
Summary: The Depicter Slider & Popup Builder WordPress plugin through version 3.6.1 contains an unauthenticated SQL injection via the 's' search parameter. Insufficient escaping allows attackers to append additional SQL queries and extract the entire WordPress database without authentication.

CVE-2025-3605 | CRITICAL | CVSS 9.8 | EPSS 12.7% | Priority 82 | Signals: PoC, No patch
Summary: The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. Rated critical severity (CVSS 9.8), it is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and the EPSS exploitation probability is 12.7%.

CVE-2025-8085 | HIGH | CVSS 8.6 | EPSS 18.1% | Priority 81 | Signals: PoC, No patch
Summary: The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. Rated high severity (CVSS 8.6), it is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and the EPSS exploitation probability is 18.1%.

CVE-2024-6159 | CRITICAL | CVSS 9.8 | EPSS 9.8% | Priority 79 | Signals: PoC, No patch
Summary: The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to. Rated critical severity (CVSS 9.8), it is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.

CVE-2025-2907 | CRITICAL | CVSS 9.8 | EPSS 9.8% | Priority 79 | Signals: PoC, No patch
Summary: The Order Delivery Date WordPress plugin before 12.3.1 has no authorization or CSRF checks when importing settings. Rated critical severity (CVSS 9.8), it is remotely exploitable with no authentication required and low attack complexity. Public exploit code is available and no vendor patch is available.

CVE-2025-47608 | CRITICAL | CVSS 9.3 | EPSS 31.8% | Priority 78 | Signals: No patch
Summary: A remote code execution vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce allows SQL injection (CVSS 9.3). Risk factors: EPSS 32% exploitation probability.

CVE-2025-4334 | CRITICAL | CVSS 9.8 | EPSS 29.3% | Priority 78 | Signals: No patch
Summary: The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.3. This is due to insu

CVE-2025-6934 | CRITICAL | CVSS 9.8 | EPSS 23.6% | Priority 73 | Signals: No patch
Summary: The Opal Estate Pro - Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function, which makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
