Filtered by vendor Wordpress Subscriptions
Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 11793 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-32090 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.
CVE-2024-31373 2 E2pdf, Wordpress 2 E2pdf, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf e2pdf e2pdf.This issue affects e2pdf: from n/a through <= 1.20.27.
CVE-2024-31281 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.6.
CVE-2024-30505 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-01 N/A
Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.18.
CVE-2024-30493 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-01 N/A
Cross-Site Request Forgery (CSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.7.
CVE-2024-30244 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-01 8.8 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.
CVE-2024-30229 2 Givewp, Wordpress 2 Givewp, Wordpress 2026-04-01 7.2 High
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.4.2.
CVE-2024-30197 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-01 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.26.
CVE-2024-30193 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-01 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.17.
CVE-2024-27987 2 Givewp, Wordpress 3 Give, Givewp, Wordpress 2026-04-01 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.3.1.
CVE-2024-25599 2 Castos, Wordpress 2 Seriously Simple Podcasting, Wordpress 2026-04-01 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting.This issue affects Seriously Simple Podcasting: from n/a through <= 3.0.2.
CVE-2026-28133 2 Wordpress, Wp Chill 2 Wordpress, Filr 2026-04-01 8.1 High
Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14.
CVE-2025-67583 2 Themeatelier, Wordpress 2 Idonate, Wordpress 2026-04-01 5.3 Medium
Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through <= 2.1.15.
CVE-2025-64634 2 Theme-fusion, Wordpress 2 Avada, Wordpress 2026-04-01 8.8 High
Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.2.
CVE-2025-62969 2 Wordpress, Xlplugins 2 Wordpress, Nextmove 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS.This issue affects NextMove Lite: from n/a through <= 2.23.0.
CVE-2025-62902 2 Themehunk, Wordpress 2 Wp Popup Builder, Wordpress 2026-04-01 7.5 High
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.8.
CVE-2025-52735 2 Wordpress, Xlplugins 2 Wordpress, Nextmove 2026-04-01 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.24.0.
CVE-2025-14430 2 Thememove, Wordpress 2 Brook, Wordpress 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through <= 2.9.0.
CVE-2026-4146 2 Timwhitlock, Wordpress 2 Loco Translate, Wordpress 2026-04-01 6.1 Medium
The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update_href’ parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2026-1877 2 Johnh10, Wordpress 2 Auto Post Scheduler, Wordpress 2026-04-01 6.1 Medium
The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.