Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
9079 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58710 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.6 High |
| Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0. | ||||
| CVE-2025-58709 | 2 Axiomthemes, Wordpress | 2 Legacy, Wordpress | 2026-01-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion.This issue affects Legacy: from n/a through <= 1.9. | ||||
| CVE-2025-58708 | 2 Axiomthemes, Wordpress | 2 777, Wordpress | 2026-01-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes 777 triple-seven allows PHP Local File Inclusion.This issue affects 777: from n/a through <= 1.3. | ||||
| CVE-2025-58706 | 2 Axiomthemes, Wordpress | 2 Woo Hoo, Wordpress | 2026-01-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through <= 1.25. | ||||
| CVE-2025-58638 | 2 E-plugins, Wordpress | 2 Institutions Directory, Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Institutions Directory institutions-directory allows Reflected XSS.This issue affects Institutions Directory: from n/a through <= 1.3.3. | ||||
| CVE-2025-58636 | 2 Crm Perks, Wordpress | 2 Wp Gravity Forms Keap/infusionsoft, Wordpress | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection.This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.3. | ||||
| CVE-2025-58629 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.5 High |
| Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.0.9. | ||||
| CVE-2025-58627 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous Core Plugin: from n/a through < 2.0.9. | ||||
| CVE-2025-58619 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65. | ||||
| CVE-2025-58595 | 2 Saad Iqbal, Wordpress | 2 All In One Login, Wordpress | 2026-01-20 | 9.1 Critical |
| Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8. | ||||
| CVE-2025-58592 | 2 Cozmoslabs, Wordpress | 2 Translatepress, Wordpress | 2026-01-20 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2. | ||||
| CVE-2025-58243 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 5.3 Medium |
| Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects imEvent: from n/a through <= 3.4.0. | ||||
| CVE-2025-58225 | 2 Axiomthemes, Wordpress | 2 Paragon, Wordpress | 2026-01-20 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through <= 1.1. | ||||
| CVE-2025-58207 | 2 Wordpress, Wpmessiah | 2 Wordpress, Ai Image Alt Text Generator For Wp | 2026-01-20 | 8.2 High |
| Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.5. | ||||
| CVE-2025-57931 | 3 Ays-pro, Ays Pro, Wordpress | 3 Popup Box, Popup Box, Wordpress | 2026-01-20 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through 5.5.4. | ||||
| CVE-2025-57897 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in venusweb Logtik logtik allows Reflected XSS.This issue affects Logtik: from n/a through <= 2.3. | ||||
| CVE-2025-55707 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-20 | 7.2 High |
| Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35. | ||||
| CVE-2025-54751 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-20 | 7.1 High |
| Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36. | ||||
| CVE-2025-54748 | 2 Mapsvg, Wordpress | 2 Mapsvg, Wordpress | 2026-01-20 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RomanCode MapSVG mapsvg allows Path Traversal.This issue affects MapSVG: from n/a through < 8.6.12. | ||||
| CVE-2025-54745 | 2 Miniorange, Wordpress | 2 Google Authenticator, Wordpress | 2026-01-20 | 6.5 Medium |
| Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1. | ||||