The CMS vulnerability ledger.
Every published CVE that touches a CMS, plugin, theme, or page builder — indexed, scored, and cross-referenced against the components running on your sites.
What we track
Every CMS CVE. One place.
A CVE is a public record for a known security vulnerability. Each one gets a unique ID, a plain-language description of the problem, and a CVSS score that shows how serious it is. CVE numbers are assigned by MITRE and synced with NIST's National Vulnerability Database (NVD), so they appear consistently across security tools, advisories, and patch notes.
This database covers every CVE that affects a content management system: WordPress, Joomla, Drupal, Magento, TYPO3, WooCommerce, Elementor, Divi, and the thousands of plugins, themes, and extensions built on top of them. It is not a general-purpose vulnerability database. It covers the software layer that runs websites, so site owners, developers, and security teams can quickly check whether something on their sites has a known vulnerability.
The feed pulls from official CVE sources and is updated continuously. The "Feed last synced" counter above shows how old the newest record in the database is. When it says "3 hrs ago", every CVE published in the past three hours is already searchable here. New CVEs usually show up within minutes of NVD publication.
Understanding severity
What the CVSS score means
Every CVE gets a CVSS 3.x score from 0 to 10. The score is calculated from six factors: whether the attack works over the network or needs physical access, how complex the exploit is, whether the attacker needs an existing account, whether a victim has to take some action, and the potential impact on confidentiality, integrity, and availability.
Some CVEs are published without a CVSS score and updated by NVD analysts days or weeks later. Entries without a score show a dash until scoring is complete.
How this differs from NVD and Wordfence
The NVD covers everything: server operating systems, networking hardware, enterprise applications, IoT firmware. That makes it slow and noisy when you only care about CMS vulnerabilities. Wordfence Intelligence is thorough for WordPress but does not cover Joomla, Drupal, or other CMS platforms. This database covers CMS software only, updated to the hour.
| CVE ID | Severity | CVSS | Title | Published |
|---|---|---|---|---|
| CVE-2026-61985 | medium | 5.3/10 | Jul 13, 2026 today | |
| CVE-2026-61983 | medium | 5.3/10 | Jul 13, 2026 today | |
| CVE-2026-61977 | medium | 5.3/10 | Jul 13, 2026 today | |
| CVE-2026-61976 | medium | 5.3/10 | Jul 13, 2026 today | |
| CVE-2026-61975 | medium | 5.3/10 | Jul 13, 2026 today | |
| CVE-2026-61971 | low | 2.7/10 | Jul 13, 2026 today | |
| CVE-2026-61970 | medium | 4.9/10 | Jul 13, 2026 today | |
| CVE-2026-61968 | medium | 5.4/10 | Jul 13, 2026 today | |
| CVE-2026-61958 | medium | 5.4/10 | Jul 13, 2026 today | |
| CVE-2026-61956 | high | 7.1/10 | Jul 13, 2026 today | |
| CVE-2026-61955 | high | 7.6/10 | Jul 13, 2026 today | |
| CVE-2026-61952 | medium | 4.9/10 | Jul 13, 2026 today | |
| CVE-2026-59523 | medium | 6.5/10 | Jul 13, 2026 today | |
| CVE-2026-59521 | high | 7.2/10 | Jul 13, 2026 today | |
| CVE-2026-59518 | critical | 9.8/10 | Jul 13, 2026 today | |
| CVE-2026-59516 | high | 7.1/10 | Jul 13, 2026 today | |
| CVE-2026-59515 | critical | 9.3/10 | Jul 13, 2026 today | |
| CVE-2026-57816 | high | 7.1/10 | Jul 13, 2026 today | |
| CVE-2026-57815 | high | 7.5/10 | Jul 13, 2026 today | |
| CVE-2026-57814 | high | 7.1/10 | Jul 13, 2026 today | |
| CVE-2026-57813 | critical | 9.8/10 | Jul 13, 2026 today | |
| CVE-2026-57812 | medium | 6.5/10 | Jul 13, 2026 today | |
| CVE-2026-57811 | critical | 10.0/10 | Jul 13, 2026 today | |
| CVE-2026-57810 | high | 8.5/10 | Jul 13, 2026 today | |
| CVE-2026-57805 | high | 7.5/10 | Jul 13, 2026 today | |
| CVE-2026-57804 | high | 7.5/10 | Jul 13, 2026 today | |
| CVE-2026-57803 | high | 7.5/10 | Jul 13, 2026 today | |
| CVE-2026-57802 | high | 7.5/10 | Jul 13, 2026 today | |
| CVE-2026-57801 | high | 7.5/10 | Jul 13, 2026 today | |
| CVE-2026-57800 | high | 7.5/10 | Jul 13, 2026 today |