WordPress Vulnerability Database

Court Reservation – Manage Your Court Bookings Online

High 7.5

2026-05-12< 1.10.12

CVE-2026-1250

Advanced Custom Fields: Extended

Medium 6.5

2026-05-12< 0.9.2.4

CVE-2025-15463

Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend

High 8.5 Unfixed

2026-05-12≤ 3.3.2

CVE-2026-42741

Broadstreet

Medium 5.4

2026-05-12< 1.53.2

CVE-2026-45210

WC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerce

High 8.5

2026-05-12< 4.7.2

CVE-2026-45211

Views for WPForms – Display & Edit WPForms Entries on your site frontend

High 8.5 Unfixed

2026-05-12≤ 3.4.6

CVE-2026-42742

BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net

High 7.6

2026-05-12< 1.1.8

CVE-2026-45213

Asset CleanUp: Page Speed Booster

Medium 5.3

2026-05-12< 1.4.0.4

CVE-2026-45212

Xpro Addons — 140+ Widgets for Elementor

High 8.5

2026-05-12< 1.5.2

CVE-2026-45214

WP Travel – Ultimate Travel Booking System, Tour Management Engine

High 7.7

2026-05-12< 11.5.0

CVE-2026-45218

WP Easy Pay – Payment and Donation form Builder for Square

Medium 5.3

2026-05-12< 4.4.0

CVE-2026-45215

Hustle – Email Marketing, Lead Generation, Optins, Popups

Medium 5.3

2026-05-12< 7.8.10.2

CVE-2026-25431

Essential Real Estate

Medium 5.3 Unfixed

2025-12-16≤ 5.3.2

WordPress Essential Real Estate plugin <= 5.3.2 - Broken Access Control vulnerability

Translate WordPress with ConveyThis – AI Multilingual Plugin

Medium 6.5 Unfixed

2026-02-20≤ 270.3

WordPress ConveyThis plugin <= 269.9 - Broken Access Control vulnerability

Essential Real Estate

Medium 6.5 Unfixed

2025-12-16≤ 5.3.2

WordPress Essential Real Estate plugin <= 5.3.2 - Insecure Direct Object References (IDOR) vulnerability

Court Reservation – Manage Your Court Bookings Online

High 7.1 Unfixed

2026-02-20≤ 1.10.13

WordPress Court Reservation plugin <= 1.10.13 - Cross Site Scripting (XSS) vulnerability

Directorist Booking

Critical 9.3

2026-04-27< 3.0.2

WordPress Directorist Booking plugin < 3.0.2 - SQL Injection vulnerability

Motors – Car Dealership & Classified Listings Plugin

Medium 4.3

2026-05-12< 1.4.104

CVE-2026-1934

WP SEO Structured Data Schema

Medium 4.9 Unfixed

2026-05-12≤ 2.8.1

CVE-2026-3604

Latest Theme Vulnerabilities

View all →

Grand Tour

Critical 9.8 Unfixed

2025-05-23≤ 5.6

CVE-2025-39485

Enzio

High 8.1

2025-05-23< 1.2.6

CVE-2025-31912

Kiamo

High 8.1

2025-05-23< 1.3.6

CVE-2025-31633

Avante

N/A

2026-05-08< 3.0.5

WordPress Avante Theme < 3.0.5 is vulnerable to a medium priority Cross Site Scripting (XSS)

Patchstack Wordfence CVE

Photography

High 7.5 Unfixed

2025-06-06≤ 7.7.2

CVE-2025-47584

CVE EUVD

Krowd

High 8.1

2025-06-09< 1.5.0

CVE-2025-32595

Petito

High 8.1

2025-06-09< 1.6.6

CVE-2025-27362

CVE Patchstack Wordfence EUVD

GiftXtore

High 8.1

2025-06-09< 1.7.7

CVE-2025-28888

CVE Patchstack Wordfence EUVD

FlatNews

High 7.1

2025-06-09< 6.2

CVE-2025-32305

DSK

High 8.1

2025-06-17< 2.4

CVE-2025-24761

PrintXtore

High 8.1

2025-06-27< 1.7.8

CVE-2025-28946

MagOne

High 7.1

2025-06-27< 8.9

CVE-2025-39488

LMS

High 7.1

2025-06-27< 9.3

CVE-2025-52799

Homey

Critical 9.3 Unfixed

2025-06-27≤ 2.4.7

CVE-2025-52834

CVE EUVD Wordfence

Domnoo

High 8.1

2025-06-27< 1.52.1

CVE-2025-52812

LMS

Critical 9.3

2025-07-04< 9.3

CVE-2025-52833

CVE EUVD Wordfence

Red Art

High 8.8

2025-07-04< 3.9

CVE-2025-52828

Pressroom

High 7.1

2025-07-04< 7.1

CVE-2025-32311

Halpes

High 7.1

2025-07-07< 1.2.5

CVE-2024-43334