WordPress Plugin CVE Trends 2026

Name: WordPress Plugin CVE Trends 2026
Creator: GuardLabs
Published: 2026-05-03
License: https://creativecommons.org/licenses/by/4.0/

Open dataset of high-severity vulnerabilities (CVSS ≥ 7.0) in popular WordPress plugins. Sourced from NIST NVD, refreshed every 30 minutes.

CVEs tracked

unique plugins

8.74

avg CVSS

9.8

max CVSS

CRITICAL

HIGH

Download

📊 CSV (0.9 KB) 📦 JSON

License: CC-BY-4.0 · Last updated: 2026-05-03 08:23 UTC · Citation: GuardLabs (2026). WordPress Plugin CVE Trends 2026. https://guardlabs.online/datasets/cve-trends-2026/

Schema

Field	Type	Description
`cve_id`	string	CVE identifier, e.g. `CVE-2026-2892`
`plugin`	string	Affected WordPress plugin name
`cvss`	float	CVSS v3 base score (0.0–10.0)
`severity`	string	`HIGH` or `CRITICAL`
`published`	ISO 8601	Date CVE published in NVD
`modified`	ISO 8601	Date CVE record last modified
`report_url`	URL	Plain-language analysis on guardlabs.online (en/ru/es)

Sample (top 10 by CVSS)

CVE	Plugin	CVSS	Severity	Report
`CVE-2026-7567`	Temporary Login	9.8	CRITICAL	en · ru · es
`CVE-2026-3772`	WP Editor	8.8	HIGH	en · ru · es
`CVE-2026-6741`	Calendar Booking Plugin for Appointments and Events	8.8	HIGH	en · ru · es
`CVE-2026-7106`	Highland Software Custom Role Manager	8.8	HIGH	en · ru · es
`CVE-2026-2892`	Otter Blocks	7.5	HIGH	en · ru · es

For the full 5 records, download the CSV/JSON above.

Source & Methodology

Source: NIST National Vulnerability Database (NVD JSON 2.0 API), keyword wordpress.
Filter: CVSS v3 base score ≥ 7.0; affected product extracted via plugin-name regex.
Refresh: Every 30 minutes via cve-watcher.service systemd loop.
Coverage: 2026-01-01 onwards. Historical CVEs not included.
Plain-language reports: Each entry links to a long-form analysis (TL;DR + technical analysis + who's at risk + mitigation + FAQ + timeline) generated by GuardLabs in English, Russian, and Spanish.

Use Cases

📰 Journalists tracking WP-ecosystem security trends.
🔬 Researchers correlating plugin popularity with vulnerability rate.
🛡️ Security teams building internal dashboards.
🤖 ML training corpus (CVE class labels paired with plain-language descriptions).

Need automated patching for these CVEs on your WordPress site?
GuardLabs Website Care · Annual applies patches the same day they drop. $240/year. Free audit first →