Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9677 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-31373	2 E2pdf, Wordpress	2 E2pdf, Wordpress	2026-01-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.
CVE-2024-34828	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.32.
CVE-2023-25701	2 Watchtowerhq, Wordpress	2 Watchtower, Wordpress	2026-01-21	9.8 Critical
Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.
CVE-2024-31281	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	6.3 Medium
Missing Authorization vulnerability in Andy Moyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.1.6.
CVE-2024-30493	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.
CVE-2024-30505	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	5.4 Medium
Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.
CVE-2024-32090	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
CVE-2024-30193	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.
CVE-2024-30197	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.
CVE-2024-30244	2 Church Admin Project, Wordpress	2 Church Admin, Wordpress	2026-01-21	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
CVE-2025-62068	2 E2pdf, Wordpress	2 E2pdf, Wordpress	2026-01-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.28.09.
CVE-2025-28953	2 Axiomthemes, Wordpress	2 Smartseo, Wordpress	2026-01-21	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection.This issue affects smart SEO: from n/a through <= 4.0.
CVE-2025-58945	2 Axiomthemes, Wordpress	2 Ecogrow, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects EcoGrow: from n/a through <= 1.7.
CVE-2025-58946	2 Axiomthemes, Wordpress	2 Vocal, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Vocal: from n/a through <= 1.12.
CVE-2025-58947	2 Axiomthemes, Wordpress	2 Athos, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through <= 1.9.
CVE-2025-60049	2 Axiomthemes, Wordpress	2 Soleil, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through <= 1.17.
CVE-2025-60050	2 Axiomthemes, Wordpress	2 Panda, Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion.This issue affects Panda: from n/a through <= 1.21.
CVE-2025-60051	1 Wordpress	1 Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Rare Radio rareradio allows PHP Local File Inclusion.This issue affects Rare Radio: from n/a through <= 1.0.15.1.
CVE-2025-60052	1 Wordpress	1 Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes W&D wd allows PHP Local File Inclusion.This issue affects W&D: from n/a through <= 1.0.
CVE-2025-60053	1 Wordpress	1 Wordpress	2026-01-21	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion.This issue affects MaxCube: from n/a through <= 1.3.1.

« first previous Page 41 of 484. next last »