CVE

Security vulnerability reports and CVE analysis for WordPress plugins, themes, and core.

41 articles

CVE 6 min read

CVE-2026-4123 Branda Account Takeover. A critical privilege escalation vulnerability has been discovered in the Branda plugin for WordPress,…

April 24, 2026 Read More

CVE 6 min read

A critical authentication bypass CVE-2026-4119 Create DB Tables vulnerability vulnerability has been discovered in the Comments WordPress plugin,…

April 24, 2026 Read More

CVE 3 min read

If you run a WordPress site using the WebStack theme, there is no patch available for a critical…

April 24, 2026 Read More

CVE 2 min read

CVE-2026-4119 Create DB Tables. A critical authorization bypass vulnerability affects the Create DB Tables WordPress plugin. The disclosure…

April 23, 2026 Read More

CVE 4 min read

A critical SQL injection flaw (CVSS 9.6) in the Contact Form CFDB7 Database Addon plugin allows unauthenticated attackers…

April 23, 2026 Read More

CVE 4 min read

On April 6, 2026, Wordfence publicly disclosed a critical unauthenticated arbitrary file upload vulnerability in the Ninja Forms…

April 22, 2026 Read More

CVE 6 min read

A missing return-value check in WPvivid Backup and Migration turned a failed RSA decryption into an unauthenticated remote…

April 20, 2026 Read More

CVE 5 min read

A privilege escalation flaw in LatePoint lets users with the Agent role rebind customer records to the site…

April 17, 2026 Read More

CVE 3 min read

A path traversal vulnerability in The Events Calendar (CVE-2026-3585) shows how a skipped update and a lingering author…

April 16, 2026 Read More

CVE 3 min read

A CVSS 9.8 Remote Code Execution flaw in Advanced Custom Fields: Extended left 100,000 WordPress sites open to…

April 15, 2026 Read More