Wordpress-plugins

This hub aggregates every CVE we track for Wordpress-plugins, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Wordpress-plugins.

• CVE-2026-8118Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 - 1.7.1059 - Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source6.5Jun 19, 2026
• CVE-2026-11357Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization4.3Jun 18, 2026
• CVE-2026-39595WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability4.7Jun 17, 2026
• CVE-2026-12360JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX Endpoint7.5Jun 17, 2026
• CVE-2026-41556WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability6.5Jun 15, 2026
• CVE-2026-7665Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler5.3Jun 6, 2026
• CVE-2026-10586Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 6.1.3 - Authenticated (Author+) Server-Side Request Forgery7.2Jun 4, 2026
• CVE-2026-7651User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter5.3May 28, 2026
• CVE-2026-48968WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability6.5May 27, 2026
• CVE-2026-42774WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability9.3May 25, 2026
• CVE-2026-6145User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter5.3May 14, 2026
• CVE-2026-6504Royal Addons for Elementor <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Parameter6.4May 14, 2026
• CVE-2026-5193Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user6.5May 14, 2026
• CVE-2026-6214Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook6.5May 7, 2026
• CVE-2026-6222Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter5.3May 7, 2026