WordPress Exposure

Blogs, CMS
2.045
exposure score
2.932.393
sites use it
0
being exploited
174
critical

CVEs

2.380 results

CVE-2025-5394 | CRITICAL | Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation | EPSS 47.8%
CVE-2023-0448 | MEDIUM | The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cro | EPSS 44.5%
CVE-2023-28662 | CRITICAL | The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerabilit | EPSS 42.2%
CVE-2023-6505 | HIGH | Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure | EPSS 39.9%
CVE-2024-4434 | CRITICAL | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection | EPSS 36.9%
CVE-2024-10470 | CRITICAL | WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion | EPSS 34.1%
CVE-2025-4380 | HIGH | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion | EPSS 28.2%
CVE-2024-2340 | MEDIUM | Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing | EPSS 28.0%
CVE-2023-6389 | MEDIUM | WordPress Toolbar <= 2.2.6 - Open Redirect | EPSS 25.7%
CVE-2022-29455 | MEDIUM | WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability | EPSS 23.2%
CVE-2021-25076 | WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting | EPSS 19.0%
CVE-2021-24867 | Backdoored Plugins & Themes from AccessPress Themes | EPSS 18.9%
CVE-2025-4322 | CRITICAL | Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover | EPSS 16.8%
CVE-2025-4094 | CRITICAL | Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing | EPSS 16.4%
CVE-2021-4374 | CRITICAL | WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update | EPSS 16.4%
CVE-2024-6651 | MEDIUM | WordPress File Upload < 4.24.8 - Reflected XSS | EPSS 16.4%
CVE-2026-8181 | CRITICAL | Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover | EPSS 14.6%
CVE-2020-11027 | MEDIUM | Password reset links invalidation issue in WordPress | EPSS 13.6%
CVE-2024-10392 | CRITICAL | AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload | EPSS 13.1%
CVE-2021-24915 | Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure | EPSS 12.7%
