Exposure of WordPress
Blogs, CMS

2,045 exposure score
2,932,393 sites use
0 exploited
174 critical

CVEs
2,381 results

CVE-2021-25067 | — | Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS) | EPSS 1.3%
CVE-2022-0535 | — | E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS) | EPSS 1.3%
CVE-2021-24910 | — | Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting | EPSS 1.3%
CVE-2022-0255 | — | Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection | EPSS 1.3%
CVE-2024-6846 | MEDIUM | SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge | EPSS 1.3%
CVE-2022-25602 | HIGH | WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability | EPSS 1.3%
CVE-2022-1977 | — | WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF | EPSS 1.3%
CVE-2024-11028 | CRITICAL | MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation | EPSS 1.3%
CVE-2025-3455 | HIGH | 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload | EPSS 1.2%
CVE-2022-1800 | — | Export any WordPress data to XML/CSV < 1.3.5 - Admin+ SQL Injection | EPSS 1.2%
CVE-2021-4346 | CRITICAL | uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes | EPSS 1.2%
CVE-2023-4141 | HIGH | WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution | EPSS 1.2%
CVE-2023-4142 | HIGH | WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution | EPSS 1.2%
CVE-2021-24877 | — | MainWP Child < 4.1.8 - Admin+ SQL Injection | EPSS 1.2%
CVE-2022-3463 | CRITICAL | FluentForm < 4.3.13 - CSV Injection | EPSS 1.2%
CVE-2023-7082 | HIGH | WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE | EPSS 1.2%
CVE-2016-15041 | HIGH | MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting | EPSS 1.2%
CVE-2022-28666 | MEDIUM | WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.7 - Broken Access Control vulnerability | EPSS 1.2%
CVE-2012-10025 | CRITICAL | WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion | EPSS 1.2%
CVE-2026-8832 | HIGH | WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost | EPSS 1.2%