wpforoarbitrary-file-deletion
CVE-2026-5809: wpForo Forum's Unpatched Arbitrary File Deletion Is a Serious Problem
Apr 13, 2026·6 min read
Free WordPress Security Audit
Is Your WordPress Site
Actually Safe?
Enter your site URL. We'll detect every plugin, check for known vulnerabilities, and score your security posture — in seconds.
55,000+
Plugins tracked
34K+
CVEs indexed
10M+
Active installs analyzed
Daily
Data refresh
Highest Risk
Highest Risk Plugins
Active installs × vulnerability severity — the plugins putting the most sites at risk right now.
LiteSpeed Cache
litespeed-cache
B
82
All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...
7.0M 18 CVEs
WooCommerce
woocommerce
A
87
Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.
7.0M 43 CVEs
Elementor Website Builder – more than just a page builder
elementor
A
88
The Elementor Website Builder has it all: drag and drop page builder, Atomic Editor, pixel perfect design, global and reusable style systems, mobile r …
10.0M 49 CVEs
Hosting Providers
WordPress Hosting Market Share
Real-world hosting distribution from our crawl data — see who powers the WordPress ecosystem.
CVE Database
Latest Vulnerabilities
Recently disclosed CVEs affecting the WordPress ecosystem.
vulnerability-feed — live
| CVE ID | Type | Severity |
|---|---|---|
| CVE-2026-4160 | Authorization Bypass Through User-Controlled Key | medium |
| CVE-2026-3369 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | medium |
| CVE-2026-3155 | Missing Authorization | low |
| CVE-2026-3489 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | high |
| CVE-2026-0718 | Missing Authorization | medium |
| CVE-2025-14868 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | high |
| CVE-2026-3876 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | high |
| CVE-2026-3875 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | medium |
Most Popular
Top Plugins by Installs
The most widely deployed WordPress plugins — security-scored and monitored daily.
Elementor Website Builder – more than just a page builder
elementor
A
88
The Elementor Website Builder has it all: drag and drop page builder, Atomic Editor, pixel perfect design, global and reusable style systems, mobile r …
10.0M 49 CVEs
Yoast SEO – Advanced SEO with real-time guidance and built-in AI
wordpress-seo
A
89
Improve your SEO with real-time feedback, schema, and clear guidance. Upgrade for AI tools, Google Docs integration, and 24/7 support, no hidden fees.
10.0M 18 CVEs
Contact Form 7
contact-form-7
A
92
Just another contact form plugin. Simple but flexible.
10.0M 8 CVEs
Classic Editor
classic-editor
A
100
Enables the previous "classic" editor and the old-style Edit Post screen with TinyMCE, Meta Boxes, etc. Supports all plugins that extend this screen.
9.0M No CVEs
LiteSpeed Cache
litespeed-cache
B
82
All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...
7.0M 18 CVEs
WooCommerce
woocommerce
A
87
Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.
7.0M 43 CVEs
Research & Insights
Latest from the Blog
Research, deep dives, and insights on WordPress security.
WordPress Plugin
See security scores
inside your admin.
Install the free WP-Safety plugin and get color-coded security scores, CVE badges, and unpatched vulnerability warnings for every plugin — right in your WordPress dashboard. No registration required.
Plugins
Yoast SEO
WooCommerce
Elementor
LiteSpeed Cache
Starter Templates
Get Started
See it on a real plugin.
Pick anything from the directory. Every plugin gets the full treatment — vulnerabilities, code analysis, real-world exposure, and a transparent score breakdown.