| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Known vulnerabilities affecting Wordpress products and systems
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2021-46889 | The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693. | 6.1 |
| 381 |
| Neutral |
| Yes |
| No |
| CVE-2021-46782 | The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scrip... | 6.1 | 381 | Neutral | Yes | No |
| CVE-2021-46781 | The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross... | 6.1 | 381 | Neutral | Yes | No |
| CVE-2021-46780 | The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | 6.1 | 381 | Neutral | Yes | No |
| CVE-2021-45729 | The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. | 5.4 | 121 | Neutral | No | Yes |
| CVE-2021-45252 | Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be ... | 9.8 | 827 | Neutral | Yes | No |
| CVE-2021-44779 | Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. | 9.8 | 717 | Neutral | No | Yes |
| CVE-2021-44777 | Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). | 4.3 | 163 | Neutral | No | Yes |
| CVE-2021-44760 | Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). | 5.4 | 223 | Neutral | No | Yes |
| CVE-2021-4458 | The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0... | 9.8 | 717 | Neutral | No | Yes |
| CVE-2021-4457 | The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server. | 9.1 | 806 | Neutral | Yes | No |
| CVE-2021-4452 | The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitizati... | 5.4 | 223 | Neutral | No | Yes |
| CVE-2021-4451 | The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization ... | 7.2 | 442 | Neutral | No | Yes |
| CVE-2021-4450 | The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack ... | 8.8 | 673 | Neutral | No | Yes |
| CVE-2021-4449 | The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible... | 9.8 | 827 | Neutral | Yes | No |
| CVE-2021-4448 | The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This ma... | 9.8 | 762 | Neutral | Yes | No |
| CVE-2021-4447 | The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form an... | 8.8 | 617 | Neutral | No | No |
| CVE-2021-4446 | The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it... | 4.3 | 171 | Neutral | No | No |
| CVE-2021-4445 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_di... | 4.3 | 265 | Neutral | Yes | Yes |
| CVE-2021-4436 | The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to uploa... | 9.8 | 827 | Neutral | Yes | No |