Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9660 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-39309	2 Avada, Wordpress	2 Fusion Builder, Wordpress	2026-01-21	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
CVE-2024-37418	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.
CVE-2024-37440	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	4.3 Medium
Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4.
CVE-2024-31373	2 E2pdf, Wordpress	2 E2pdf, Wordpress	2026-01-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.
CVE-2024-34828	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.32.
CVE-2023-25701	2 Watchtowerhq, Wordpress	2 Watchtower, Wordpress	2026-01-21	9.8 Critical
Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.
CVE-2024-31281	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	6.3 Medium
Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.1.6.
CVE-2024-30493	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.
CVE-2024-30505	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	5.4 Medium
Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.
CVE-2024-32090	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
CVE-2024-30193	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.
CVE-2024-30197	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.
CVE-2024-30244	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
CVE-2025-62068	2 E2pdf, Wordpress	2 E2pdf, Wordpress	2026-01-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.28.09.
CVE-2025-28953	2 Axiomthemes, Wordpress	2 Smartseo, Wordpress	2026-01-21	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0.
CVE-2025-58945	2 Axiomthemes, Wordpress	2 Ecogrow, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects EcoGrow: from n/a through <= 1.7.
CVE-2025-58946	2 Axiomthemes, Wordpress	2 Vocal, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Vocal: from n/a through <= 1.12.
CVE-2025-58947	2 Axiomthemes, Wordpress	2 Athos, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through <= 1.9.
CVE-2025-60049	2 Axiomthemes, Wordpress	2 Soleil, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through <= 1.17.
CVE-2025-60050	2 Axiomthemes, Wordpress	2 Panda, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion.This issue affects Panda: from n/a through <= 1.21.

« first previous Page 40 of 483. next last »