Exploit Directory: WordPress (38)
Litespeed Cache WordPress Plugin 6.3.0.1 – Privilege Escalation
High CVE-2024-28000 php Milad karimi 2025-06-15
view exploit
WordPress User Registration & Membership Plugin 4.1.2 – Authentication Bypass
High CVE-2025-2594 multiple Mohammed Idrees Banyamer 2025-05-25
view exploit
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation
High CVE-2025-3605 multiple Md Shoriful Islam 2025-05-13
view exploit
WordPress Depicter Plugin 3.6.1 – SQL Injection
Critical CVE-2025-2011 multiple Andrew Long 2025-05-09
view exploit
WordPress Core 6.2 – Directory Traversal
High CVE-2023-2745 php Milad karimi 2025-04-22
view exploit
LearnPress WordPress LMS Plugin 4.2.7 – SQL Injection
Critical CVE-2024-8522 php Francisco Moraga (BTshell) 2025-04-11
view exploit
WordPress User Registration & Membership Plugin 4.1.1 – Unauthenticated Privilege Escalation
High multiple Al Baradi Joy 2025-04-08
view exploit
WordPress Theme XStore 9.3.8 – SQLi
High CVE-2024-33559 php Abdualhadi khalifa 2024-05-19
view exploit
WordPress Plugin Background Image Cropper v1.2 – Remote Code Execution
Critical php Milad karimi 2024-04-21
view exploit
WordPress Plugin Playlist for Youtube 1.32 – Stored Cross-Site Scripting (XSS)
Medium php Erdemstar 2024-04-12
view exploit
WordPress Plugin WP Video Playlist 1.1.1 – Stored Cross-Site Scripting (XSS)
Medium php Erdemstar 2024-04-12
view exploit
WordPress Theme Travelscape v1.0.3 – Arbitrary File Upload
Critical php Milad karimi 2024-04-08
view exploit
WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)
Medium php Erdemstar 2024-04-03
view exploit
WordPress Plugin – Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)
Critical CVE-2022-4395 php Milad karimi 2024-04-02
view exploit
WordPress File Upload Plugin < 4.23.3 - Stored XSS
Medium php Faiyaz Ahmad 2024-03-18
view exploit
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
High php Dmitrii Ignatyev 2024-03-11
view exploit
Neontext WordPress Plugin – Stored XSS
Medium php Eren Car 2024-03-05
view exploit
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 – _Dashboard Redirect_ field Stored Cross-Site Scripting (XSS)
Medium php Rachit Arora 2024-02-28
view exploit
WordPress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
Critical php Leopoldo Angulo (leoanggal1) 2024-02-27
view exploit
WordPress Augmented-Reality – Remote Code Execution Unauthenticated
Critical php Milad karimi 2024-02-09
view exploit
WordPress Seotheme – Remote Code Execution Unauthenticated
Critical php Milad karimi 2024-02-09
view exploit
Media Library Assistant WordPress Plugin – RCE and LFI
High CVE-2023-4634 php Florent MONTEL 2023-10-09
view exploit
WordPress Plugin Masterstudy LMS – 3.0.17 – Unauthenticated Instructor Account Creation
High CVE-2023-4278 php Revan Arifio 2023-10-09
view exploit
WordPress Sonaar Music Plugin 4.7 – Stored XSS
Medium php Furkan Karaarslan 2023-10-09
view exploit
WordPress Plugin Elementor 3.5.5 – Iframe Injection
High CVE-2022-4953 php Miguel Santareno 2023-09-08
view exploit
WordPress adivaha Travel Plugin 2.3 – Reflected XSS
Medium php CraCkEr 2023-08-04
view exploit
WordPress adivaha Travel Plugin 2.3 – SQL Injection
Critical php CraCkEr 2023-08-04
view exploit
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Event Access
High CVE-2023-2796 php Miguel Santareno 2023-08-04
view exploit
WordPress Plugin EventON Calendar 4.4 – Unauthenticated Post Access via IDOR
High CVE-2023-3219 php Miguel Santareno 2023-08-04
view exploit
WordPress Plugin Forminator 1.24.6 – Unauthenticated Remote Command Execution
High php Mehmet Kelepçe 2023-08-04
view exploit
WordPress Plugin Ninja Forms 3.6.25 – Reflected XSS
Medium CVE-2023-37979 php Mehran Seifalinia 2023-08-04
view exploit
WordPress Plugin AN_Gradebook 5.0.1 – SQLi
High Verified CVE-2023-2636 php Lukas Kinneberg 2023-07-28
view exploit
WordPress Theme Medic v1.0.0 – Weak Password Recovery Mechanism for Forgotten Password
High CVE-2020-11027 php Amirhossein Bahramizadeh 2023-06-19
view exploit
WordPress Theme Workreap 2.2.2 – Unauthenticated Upload Leading to Remote Code Execution
Critical CVE-2021-24499 php Mohammad Hossein Khanaki 2023-06-09
view exploit
WordPress Plugin Backup Migration 1.2.8 – Unauthenticated Database Backup
High php Wadeek 2023-05-23
view exploit
Paid Memberships Pro v2.9.8 (WordPress Plugin) – Unauthenticated SQL Injection
Critical Verified CVE-2023-23488 php r3nt0n 2023-04-03
view exploit
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
High Verified CVE-2022-3142 php Elias Hohl 2023-03-25
view exploit
Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection
Critical Verified CVE-2022-3141 php Elias Hohl 2023-03-25
view exploit