Filtered by vendor Wordpress
Subscriptions
Total
9794 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58945 | 2 Axiomthemes, Wordpress | 2 Ecogrow, Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes EcoGrow ecogrow allows PHP Local File Inclusion.This issue affects EcoGrow: from n/a through <= 1.7. | ||||
| CVE-2025-58946 | 2 Axiomthemes, Wordpress | 2 Vocal, Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Vocal: from n/a through <= 1.12. | ||||
| CVE-2025-58947 | 2 Axiomthemes, Wordpress | 2 Athos, Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Athos athos allows PHP Local File Inclusion.This issue affects Athos: from n/a through <= 1.9. | ||||
| CVE-2025-60049 | 2 Axiomthemes, Wordpress | 2 Soleil, Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleil soleil allows PHP Local File Inclusion.This issue affects Soleil: from n/a through <= 1.17. | ||||
| CVE-2025-60050 | 2 Axiomthemes, Wordpress | 2 Panda, Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion.This issue affects Panda: from n/a through <= 1.21. | ||||
| CVE-2025-60051 | 1 Wordpress | 1 Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Rare Radio rareradio allows PHP Local File Inclusion.This issue affects Rare Radio: from n/a through <= 1.0.15.1. | ||||
| CVE-2025-60052 | 1 Wordpress | 1 Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes W&D wd allows PHP Local File Inclusion.This issue affects W&D: from n/a through <= 1.0. | ||||
| CVE-2025-60053 | 1 Wordpress | 1 Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MaxCube maxcube allows PHP Local File Inclusion.This issue affects MaxCube: from n/a through <= 1.3.1. | ||||
| CVE-2025-60054 | 1 Wordpress | 1 Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes OnLeash onleash allows PHP Local File Inclusion.This issue affects OnLeash: from n/a through <= 1.5.2. | ||||
| CVE-2025-60055 | 1 Wordpress | 1 Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Fabrica fabrica allows PHP Local File Inclusion.This issue affects Fabrica: from n/a through <= 1.8.1. | ||||
| CVE-2025-60062 | 1 Wordpress | 1 Wordpress | 2026-01-21 | 9.4 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection.This issue affects tPlayer: from n/a through <= 1.2.1.6. | ||||
| CVE-2025-60063 | 2 Axiomthemes, Wordpress | 2 Rosalinda, Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rosalinda rosalinda allows PHP Local File Inclusion.This issue affects Rosalinda: from n/a through <= 1.2.3. | ||||
| CVE-2025-60072 | 1 Wordpress | 1 Wordpress | 2026-01-21 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Anchor smooth scroll anchor-smooth-scroll allows PHP Local File Inclusion.This issue affects Anchor smooth scroll: from n/a through <= 1.0.2. | ||||
| CVE-2025-60076 | 2 Jbhovik, Wordpress | 2 Ray Enterprise Translation, Wordpress | 2026-01-21 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jbhovik Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.1. | ||||
| CVE-2025-60084 | 3 Add-ons.org, Elementor, Wordpress | 3 Pdf-for-elementor-forms, Elementor, Wordpress | 2026-01-21 | 8.6 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through <= 6.3.1. | ||||
| CVE-2025-64203 | 2 Mailster, Wordpress | 2 Mailster, Wordpress | 2026-01-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster allows Reflected XSS.This issue affects Mailster: from n/a through < 4.1.14. | ||||
| CVE-2025-30899 | 2 Wordpress, Wpeverest | 3 Wordpress, User Registration, User Registration \& Membership | 2026-01-20 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Stored XSS. This issue affects User Registration: from n/a through 4.0.3. | ||||
| CVE-2025-64205 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2026-01-20 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.0. | ||||
| CVE-2025-64225 | 1 Wordpress | 1 Wordpress | 2026-01-20 | 6.1 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through <= 1.2.11. | ||||
| CVE-2025-64227 | 2 Boldgrid, Wordpress | 2 Client Invoicing By Sprout Invoices, Wordpress | 2026-01-20 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7. | ||||