Live vulnerability tracking

WordPress security
alerts that matter

Get notified the moment a vulnerability is found in WordPress core, your plugins, or your theme. Free newsletter + personalised alerts for your sites.

I agree to receive the WP Alerts newsletter and accept the Privacy Policy.

Double opt-in · GDPR compliant · Unsubscribe anytime

Security overview Last 7 days

Critical

High

183

Medium

Subscribers

294 total vulnerabilities tracked

Everything you need to stay secure

One platform for all WordPress security intelligence.

🔍

Site Scanner

Scan any WordPress site to detect installed plugins, themes and core version — then instantly check for known vulnerabilities.

📬

Daily Newsletter

Receive a curated daily digest of new WordPress vulnerabilities. Critical issues get their own immediate alert.

🎯

Personalized Alerts

Monitor your specific sites. Get an email only when a vulnerability affects plugins or themes you actually use.

🚫

Closed Plugin Tracker

Track plugins removed from the WordPress.org repository — often a sign of a serious security issue.

🔗

WP Plugin Integration

Install our free WordPress plugin on your site for automatic detection of all installed components — no manual URL entry.

🛡️

GDPR Compliant

Double opt-in, transparent data use, easy one-click unsubscribe. Your data stays in the EU. No tracking.

Latest vulnerabilities

Most recent WordPress security issues from all sources.

Scan your site →

5.1

WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component

MEDIUM Theme theme-wibar CVE-2020-37235 May 16, 2026

5.1

WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting

MEDIUM Plugin buddypress CVE-2020-37233 May 16, 2026

6.4

CVE-2020-37235 — WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand compon

MEDIUM Theme CVE-2020-37235 May 16, 2026

6.4

CVE-2020-37233 — WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allo

MEDIUM Plugin CVE-2020-37233 May 16, 2026

5.1

EUVD-2021-34825 (CVE-2021-47957) — Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerability that …

MEDIUM Plugin CVE-2021-47957 May 16, 2026

5.1

EUVD-2020-31237 (CVE-2020-37235) — WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerabilit…

MEDIUM Plugin CVE-2020-37235 May 16, 2026

5.1

EUVD-2020-31235 (CVE-2020-37233) — WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vu…

MEDIUM Plugin CVE-2020-37233 May 16, 2026

4.3

EUVD-2025-209886 (CVE-2025-4202) — The Multicollab: Content Team Collaboration and Editorial Workflow plugin for W…

MEDIUM Plugin CVE-2025-4202 May 16, 2026

5.3

EUVD-2026-30669 (CVE-2026-8681) — The Essential Chat Support plugin for WordPress is vulnerable to authorization …

MEDIUM Plugin CVE-2026-8681 May 16, 2026

4.9

NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - Authenticated (Administrator+) SQL Injection via 'table' Parameter

MEDIUM Plugin nex-forms-ultimate-forms-plugin-for-wordpress CVE-2026-7046 May 15, 2026

Recently removed from WordPress.org

These plugins were closed/removed from the repository.

🚫

epic-gallery

epic-gallery