212 new vulnerabilities

WordPress Vulnerability
Database

212 known vulnerabilities across plugins, themes and core. Updated daily from multiple sources.

212

Total vulns

Critical

High

145

Medium

Low

207

Plugins

Themes

Core

Closed plugins

212 results

Severity	Title	Type	Slug	CVE	Fixed in	Published
MEDIUM CVSS 6.8	EUVD-2020-31216 (CVE-2020-37169) — WordPress Plugin ultimate-member 2.1.3 contains a loca…	plugin		CVE-2020-37169	—	May 13, 2026
MEDIUM CVSS 6.8	WordPress Plugin ultimate-member 2.1.3 Local File Inclusion	plugin	`ultimate-member`	CVE-2020-37169	—	May 13, 2026
MEDIUM CVSS 5.5	CVE-2020-37169 — WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion v…	plugin		CVE-2020-37169	—	May 13, 2026
MEDIUM CVSS 4.3	EUVD-2026-29952 (CVE-2026-4607) — The ProfileGrid – User Profiles, Groups and Communities…	plugin		CVE-2026-4607	—	May 13, 2026
HIGH CVSS 7.1	EUVD-2026-29954 (CVE-2026-4609) — The ProfileGrid – User Profiles, Groups and Communities…	plugin		CVE-2026-4609	—	May 13, 2026
MEDIUM CVSS 6.5	EUVD-2026-29953 (CVE-2026-4608) — The ProfileGrid – User Profiles, Groups and Communities…	plugin		CVE-2026-4608	—	May 13, 2026
MEDIUM CVSS 5.3	CVE-2026-2515 — The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for…	plugin		CVE-2026-2515	—	May 13, 2026
HIGH CVSS 7.2	EUVD-2026-29945 (CVE-2026-6177) — The Custom Twitter Feeds plugin for WordPress is vulner…	plugin		CVE-2026-6177	—	May 13, 2026
HIGH CVSS 8.8	EUVD-2026-29937 (CVE-2026-3425) — The RTMKit Addons for Elementor plugin for WordPress is…	plugin		CVE-2026-3425	—	May 13, 2026
MEDIUM CVSS 4.3	EUVD-2026-29938 (CVE-2026-3426) — The RTMKit Addons for Elementor plugin for WordPress is…	plugin		CVE-2026-3426	—	May 13, 2026
MEDIUM CVSS 5.3	Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integrati…	plugin	`hostinger-reach-ai-powered-email-marketing-for-wordpress`	CVE-2026-2515	—	May 13, 2026
MEDIUM CVSS 6.5	EUVD-2026-29933 (CVE-2026-4782) — The Avada Builder plugin for WordPress is vulnerable to…	plugin		CVE-2026-4782	—	May 13, 2026
HIGH CVSS 7.5	EUVD-2026-29934 (CVE-2026-4798) — The Avada Builder plugin for WordPress is vulnerable to…	plugin		CVE-2026-4798	—	May 13, 2026
MEDIUM CVSS 5.3	EUVD-2026-29918 (CVE-2026-2515) — The Hostinger Reach – AI-Powered Email Marketing for Wo…	plugin		CVE-2026-2515	—	May 13, 2026
MEDIUM CVSS 5.5	EUVD-2025-209823 (CVE-2025-14767) — The WPC Badge Management for WooCommerce plugin for W…	plugin		CVE-2025-14767	—	May 13, 2026
MEDIUM CVSS 6.4	EUVD-2026-29916 (CVE-2026-3004) — The Snow Monkey Blocks plugin for WordPress is vulnerab…	plugin		CVE-2026-3004	—	May 13, 2026
HIGH CVSS 8.1	coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injectio…	plugin	`coreactivity-activity-logging-for-wordpress`	CVE-2026-7635	—	May 13, 2026
MEDIUM CVSS 6.5	Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injection via 's' Search Parameter	plugin	`charitable-donation-plugin-for-wordpress-fundraising-with-recurring-donations-more`	CVE-2026-7619	—	May 13, 2026
MEDIUM CVSS 5.3	EUVD-2026-29914 (CVE-2026-6965) — The Tutor LMS – eLearning and online course solution pl…	plugin		CVE-2026-6965	—	May 13, 2026
MEDIUM CVSS 5.3	EUVD-2025-209822 (CVE-2025-14033) — The ilGhera Support System for WooCommerce plugin for…	plugin		CVE-2025-14033	—	May 13, 2026
HIGH CVSS 7.5	EUVD-2026-29913 (CVE-2026-6929) — The JoomSport – for Sports: Team & League, Football, Ho…	plugin		CVE-2026-6929	—	May 13, 2026
HIGH CVSS 8.1	CVE-2026-7635 — The coreActivity: Activity Logging for WordPress plugin for WordPress is …	plugin		CVE-2026-7635	—	May 13, 2026
MEDIUM CVSS 4.4	EUVD-2025-209820 (CVE-2025-9989) — The Broadstreet plugin for WordPress is vulnerable to …	plugin		CVE-2025-9989	—	May 13, 2026
MEDIUM CVSS 6.4	EUVD-2026-29897 (CVE-2026-6828) — The Fluent Forms – Customizable Contact Forms, Survey, …	plugin		CVE-2026-6828	—	May 13, 2026
MEDIUM CVSS 5.4	EUVD-2026-29899 (CVE-2026-7051) — The Blog2Social: Social Media Auto Post & Scheduler plu…	plugin		CVE-2026-7051	—	May 13, 2026
MEDIUM CVSS 5.3	EUVD-2025-209818 (CVE-2025-9987) — The Broadstreet plugin for WordPress is vulnerable to …	plugin		CVE-2025-9987	—	May 13, 2026
MEDIUM CVSS 6.4	EUVD-2026-29898 (CVE-2026-6962) — The Cost of Goods: Product Cost & Profit Calculator for…	plugin		CVE-2026-6962	—	May 13, 2026
HIGH CVSS 8.1	EUVD-2026-29901 (CVE-2026-7635) — The coreActivity: Activity Logging for WordPress plugin…	plugin		CVE-2026-7635	—	May 13, 2026
MEDIUM CVSS 6.5	EUVD-2026-29900 (CVE-2026-7619) — The Charitable – Donation Plugin for WordPress – Fundra…	plugin		CVE-2026-7619	—	May 13, 2026
MEDIUM CVSS 4.3	EUVD-2025-209819 (CVE-2025-9988) — The Broadstreet plugin for WordPress is vulnerable to …	plugin		CVE-2025-9988	—	May 13, 2026
MEDIUM CVSS 5.3	EUVD-2025-209816 (CVE-2025-14755) — The Cost Calculator Builder plugin for WordPress is v…	plugin		CVE-2025-14755	—	May 13, 2026
HIGH CVSS 7.1	MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitiv…	plugin	`monsterinsights-google-analytics-dashboard-for-wordpress-website-stats-made-easy`	CVE-2026-5371	—	May 13, 2026
MEDIUM CVSS 6.5	EUVD-2025-209809 (CVE-2025-15463) — The The Advanced Custom Fields: Extended plugin for W…	plugin		CVE-2025-15463	—	May 12, 2026
HIGH CVSS 7.5	EUVD-2026-29871 (CVE-2026-1250) — The Court Reservation – Manage Your Court Bookings Onli…	plugin		CVE-2026-1250	—	May 12, 2026
HIGH CVSS 7.1	EUVD-2026-29886 (CVE-2026-5371) — The MonsterInsights – Google Analytics Dashboard for Wo…	plugin		CVE-2026-5371	—	May 12, 2026
MEDIUM CVSS 6.1	Tm – WordPress Redirection <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scrip…	plugin	`tm-wordpress-redirection`	CVE-2026-7561	—	May 12, 2026
MEDIUM CVSS 4.4	EUVD-2026-29444 (CVE-2026-6813) — The Continually plugin for WordPress is vulnerable to S…	plugin		CVE-2026-6813	—	May 12, 2026
MEDIUM CVSS 4.4	EUVD-2026-29443 (CVE-2026-6800) — The FastBots plugin for WordPress is vulnerable to Stor…	plugin		CVE-2026-6800	—	May 12, 2026
MEDIUM CVSS 4.3	EUVD-2026-29422 (CVE-2026-1934) — The Motors – Car Dealership & Classified Listings plugi…	plugin		CVE-2026-1934	—	May 12, 2026
MEDIUM CVSS 6.4	EUVD-2026-29388 (CVE-2026-2300) — The BJ Lazy Load plugin for WordPress is vulnerable to …	plugin		CVE-2026-2300	—	May 12, 2026
MEDIUM CVSS 6.1	EUVD-2026-29415 (CVE-2026-7464) — The WP Google Maps Integration plugin for WordPress is …	plugin		CVE-2026-7464	—	May 12, 2026
MEDIUM CVSS 6.4	EUVD-2026-29402 (CVE-2026-6247) — The scratchblocks for WP plugin for WordPress is vulner…	plugin		CVE-2026-6247	—	May 12, 2026
MEDIUM CVSS 6.5	EUVD-2026-29397 (CVE-2026-5028) — The Eight Day Week Print Workflow plugin for WordPress …	plugin		CVE-2026-5028	—	May 12, 2026
MEDIUM CVSS 6.4	EUVD-2026-29403 (CVE-2026-6256) — The Credits Shortcode plugin for WordPress is vulnerabl…	plugin		CVE-2026-6256	—	May 12, 2026
MEDIUM CVSS 4.3	EUVD-2026-29409 (CVE-2026-6710) — The Skysa Text Ticker App plugin for WordPress is vulne…	plugin		CVE-2026-6710	—	May 12, 2026
MEDIUM CVSS 5.3	EUVD-2026-29399 (CVE-2026-5693) — The Smart Appointment & Booking plugin for WordPress is…	plugin		CVE-2026-5693	—	May 12, 2026
MEDIUM CVSS 4.3	EUVD-2026-29412 (CVE-2026-6932) — The Woo Commerce Minimum Weight plugin for WordPress is…	plugin		CVE-2026-6932	—	May 12, 2026
MEDIUM CVSS 5.3	EUVD-2026-29394 (CVE-2026-4663) — The iPOSpays Gateways WC plugin for WordPress is vulner…	plugin		CVE-2026-4663	—	May 12, 2026
MEDIUM CVSS 4.3	EUVD-2026-29408 (CVE-2026-6709) — The Coinbase Commerce for Contact Form 7 plugin for Wor…	plugin		CVE-2026-6709	—	May 12, 2026
MEDIUM CVSS 6.4	EUVD-2026-29400 (CVE-2026-5715) — The Voyage Plus plugin for WordPress is vulnerable to S…	plugin		CVE-2026-5715	—	May 12, 2026

…

WordPress VulnerabilityDatabase

WordPress Vulnerability
Database