Exposure of WordPress
Blogs, CMS2,045
exposure score
2,932,393
sites use
0
exploited
174
critical
CVEs
2,380 resultsCVE-2022-23988—WS Form < 1.8.176 - Unauthenticated Stored Cross-Site ScriptingEPSS 2.2%CVE-2024-13496HIGHGamiPress <= 7.3.1 - Unauthenticated SQL Injection via orderby ParameterEPSS 2.2%CVE-2024-12824CRITICALNokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password ChangeEPSS 2.2%CVE-2015-4617—Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying fEPSS 2.2%CVE-2020-11029MEDIUMCross-site scripting in stats method (object cache) in WordPressEPSS 2.1%CVE-2019-1010209—GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload EPSS 2.1%CVE-2022-33901MEDIUMWordPress MultiSafepay plugin for WooCommerce plugin <= 4.13.1 - Unauthenticated Arbitrary File Read vulnerabilityEPSS 2.1%CVE-2021-36879CRITICALWordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerabilityEPSS 2.1%CVE-2024-13346HIGHAvada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 2.1%CVE-2020-11026HIGHSpecially crafted filenames in WordPress leading to XSSEPSS 2.1%CVE-2021-36880HIGHWordPress uListing plugin <= 2.0.3 - Unauthenticated SQL Injection (SQLi) vulnerabilityEPSS 2.1%CVE-2021-39200MEDIUMInformation Disclosure in wp_die() via JSONP in wordpressEPSS 2.1%CVE-2017-1002028—Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php EPSS 2.0%CVE-2022-0208—MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scriptingEPSS 2.0%CVE-2022-0254—Zero Spam < 5.2.11 - Admin+ SQL InjectionEPSS 2.0%CVE-2022-0633—UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup DownloadEPSS 2.0%CVE-2020-5768—Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WEPSS 2.0%CVE-2025-11693CRITICALExport WP Page to Static HTML & PDF <= 4.3.4 - Unauthenticated Cookie Exposure via Log FileEPSS 2.0%CVE-2021-36917MEDIUMWordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerabilityEPSS 1.9%CVE-2021-24221—Quiz And Survey Master < 7.1.12 - Authenticated SQL injection via shortcodeEPSS 1.9%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →