Feed live

The CMS vulnerability ledger.

Every published CVE that touches a CMS, plugin, theme, or page builder — indexed, scored, and cross-referenced against the components running on your sites.

Total CVEs tracked
338,519
All time
Critical · Active
10,779
CVSS ≥ 9.0
New · 14 days
2,522
Newly disclosed
Feed last synced
1 hr ago
Data freshness

What we track

Every CMS CVE. One place.

A CVE is a public record for a known security vulnerability. Each one gets a unique ID, a plain-language description of the problem, and a CVSS score that shows how serious it is. CVE numbers are assigned by MITRE and synced with NIST's National Vulnerability Database (NVD), so they appear consistently across security tools, advisories, and patch notes.

This database covers every CVE that affects a content management system: WordPress, Joomla, Drupal, Magento, TYPO3, WooCommerce, Elementor, Divi, and the thousands of plugins, themes, and extensions built on top of them. It is not a general-purpose vulnerability database. It covers the software layer that runs websites, so site owners, developers, and security teams can quickly check whether something on their sites has a known vulnerability.

The feed pulls from official CVE sources and is updated continuously. The "Feed last synced" counter above shows how old the newest record in the database is. When it says "3 hrs ago", every CVE published in the past three hours is already searchable here. New CVEs usually show up within minutes of NVD publication.

Understanding severity

What the CVSS score means

Every CVE gets a CVSS 3.x score from 0 to 10. The score is calculated from six factors: whether the attack works over the network or needs physical access, how complex the exploit is, whether the attacker needs an existing account, whether a victim has to take some action, and the potential impact on confidentiality, integrity, and availability.

Critical 9.0–10.0 Remote, no auth, max impact
High 7.0–8.9 Serious, remotely exploitable
Medium 4.0–6.9 Often requires auth or conditions
Low 0.1–3.9 Limited exploitability or impact

Some CVEs are published without a CVSS score and updated by NVD analysts days or weeks later. Entries without a score show a dash until scoring is complete.

How this differs from NVD and Wordfence

The NVD covers everything: server operating systems, networking hardware, enterprise applications, IoT firmware. That makes it slow and noisy when you only care about CMS vulnerabilities. Wordfence Intelligence is thorough for WordPress but does not cover Joomla, Drupal, or other CMS platforms. This database covers CMS software only, updated to the hour.

Showing 1–30 CVEs
Sorted by Published · Newest first
CVE ID Severity CVSS Title Published
CVE-2026-61985 medium 5.3/10 Jul 13, 2026 today
CVE-2026-61983 medium 5.3/10 Jul 13, 2026 today
CVE-2026-61977 medium 5.3/10 Jul 13, 2026 today
CVE-2026-61976 medium 5.3/10 Jul 13, 2026 today
CVE-2026-61975 medium 5.3/10 Jul 13, 2026 today
CVE-2026-61971 low 2.7/10 Jul 13, 2026 today
CVE-2026-61970 medium 4.9/10 Jul 13, 2026 today
CVE-2026-61968 medium 5.4/10 Jul 13, 2026 today
CVE-2026-61958 medium 5.4/10 Jul 13, 2026 today
CVE-2026-61956 high 7.1/10 Jul 13, 2026 today
CVE-2026-61955 high 7.6/10 Jul 13, 2026 today
CVE-2026-61952 medium 4.9/10 Jul 13, 2026 today
CVE-2026-59523 medium 6.5/10 Jul 13, 2026 today
CVE-2026-59521 high 7.2/10 Jul 13, 2026 today
CVE-2026-59518 critical 9.8/10 Jul 13, 2026 today
CVE-2026-59516 high 7.1/10 Jul 13, 2026 today
CVE-2026-59515 critical 9.3/10 Jul 13, 2026 today
CVE-2026-57816 high 7.1/10 Jul 13, 2026 today
CVE-2026-57815 high 7.5/10 Jul 13, 2026 today
CVE-2026-57814 high 7.1/10 Jul 13, 2026 today
CVE-2026-57813 critical 9.8/10 Jul 13, 2026 today
CVE-2026-57812 medium 6.5/10 Jul 13, 2026 today
CVE-2026-57811 critical 10.0/10 Jul 13, 2026 today
CVE-2026-57810 high 8.5/10 Jul 13, 2026 today
CVE-2026-57805 high 7.5/10 Jul 13, 2026 today
CVE-2026-57804 high 7.5/10 Jul 13, 2026 today
CVE-2026-57803 high 7.5/10 Jul 13, 2026 today
CVE-2026-57802 high 7.5/10 Jul 13, 2026 today
CVE-2026-57801 high 7.5/10 Jul 13, 2026 today
CVE-2026-57800 high 7.5/10 Jul 13, 2026 today
Page 1
Prev 1 2