Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 9079 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58921	1 Wordpress	1 Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Tactical Popup wp-tactical-popup allows Reflected XSS.This issue affects WP Tactical Popup: from n/a through <= 1.1.
CVE-2025-58918	2 Waituk, Wordpress	2 Entrada, Wordpress	2026-01-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada theme allows Cross Site Request Forgery.This issue affects Entrada: from n/a through 5.7.7.
CVE-2025-58916	1 Wordpress	1 Wordpress	2026-01-20	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Munzir Author: Munzir myshouts-shoutbox allows Reflected XSS.This issue affects Author: Munzir: from n/a through <= 0.9.
CVE-2025-58901	2 Ancorathemes, Wordpress	2 Takeout, Wordpress	2026-01-20	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Takeout takeout allows PHP Local File Inclusion.This issue affects Takeout: from n/a through <= 1.3.0.
CVE-2025-58900	2 Ancorathemes, Wordpress	2 Unitravel, Wordpress	2026-01-20	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UniTravel unitravel allows PHP Local File Inclusion.This issue affects UniTravel: from n/a through <= 1.4.2.
CVE-2025-58899	2 Ancorathemes, Wordpress	2 Frame, Wordpress	2026-01-20	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Frame frame allows PHP Local File Inclusion.This issue affects Frame: from n/a through <= 2.4.0.
CVE-2025-58898	2 Ancorathemes, Wordpress	2 Healthhub, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes HealthHub healthhub allows PHP Local File Inclusion.This issue affects HealthHub: from n/a through <= 1.3.0.
CVE-2025-58896	2 Ancorathemes, Wordpress	2 Otaku, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through <= 1.8.0.
CVE-2025-58895	2 Ancorathemes, Wordpress	2 Integro, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Integro integro allows PHP Local File Inclusion.This issue affects Integro: from n/a through <= 1.8.0.
CVE-2025-58894	2 Axiomthemes, Wordpress	2 Good Mood, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through <= 1.16.
CVE-2025-58893	2 Axiomthemes, Wordpress	2 Alright, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through <= 1.6.1.
CVE-2025-58892	2 Ancorathemes, Wordpress	2 Tourimo, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tourimo tourimo allows PHP Local File Inclusion.This issue affects Tourimo: from n/a through <= 1.2.3.
CVE-2025-58891	2 Ancorathemes, Wordpress	2 Sanger, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Sanger sanger allows PHP Local File Inclusion.This issue affects Sanger: from n/a through <= 1.24.0.
CVE-2025-58890	2 Ancorathemes, Wordpress	2 Playful, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through <= 1.19.0.
CVE-2025-58889	2 Axiomthemes, Wordpress	2 Towny, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Towny towny allows PHP Local File Inclusion.This issue affects Towny: from n/a through <= 1.16.
CVE-2025-58888	2 Ancorathemes, Wordpress	2 Theflash, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes The Flash theflash allows PHP Local File Inclusion.This issue affects The Flash: from n/a through <= 1.15.
CVE-2025-58885	2 Ancorathemes, Wordpress	2 Pathfinder, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pathfinder pathfinder allows PHP Local File Inclusion.This issue affects Pathfinder: from n/a through <= 1.16.
CVE-2025-58879	2 Ancorathemes, Wordpress	2 Festy, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Festy festy allows PHP Local File Inclusion.This issue affects Festy: from n/a through <= 1.13.0.
CVE-2025-58877	2 Javothemes, Wordpress	2 Javo Core, Wordpress	2026-01-20	7.5 High
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.
CVE-2025-58803	2 Axiomthemes, Wordpress	2 Algenix, Wordpress	2026-01-20	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Algenix algenix allows PHP Local File Inclusion.This issue affects Algenix: from n/a through <= 1.0.

« first previous Page 62 of 454. next last »