CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Total 9669 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58710	1 Wordpress	1 Wordpress	2026-01-29	8.6 High
Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0.
CVE-2025-58803	2 Axiomthemes, Wordpress	2 Algenix, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Algenix algenix allows PHP Local File Inclusion.This issue affects Algenix: from n/a through <= 1.0.
CVE-2025-58877	2 Javothemes, Wordpress	2 Javo Core, Wordpress	2026-01-29	7.5 High
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.
CVE-2025-58879	2 Ancorathemes, Wordpress	2 Festy, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Festy festy allows PHP Local File Inclusion.This issue affects Festy: from n/a through <= 1.13.0.
CVE-2025-58885	2 Ancorathemes, Wordpress	2 Pathfinder, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pathfinder pathfinder allows PHP Local File Inclusion.This issue affects Pathfinder: from n/a through <= 1.16.
CVE-2025-58888	2 Ancorathemes, Wordpress	2 Theflash, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes The Flash theflash allows PHP Local File Inclusion.This issue affects The Flash: from n/a through <= 1.15.
CVE-2025-58889	2 Axiomthemes, Wordpress	2 Towny, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Towny towny allows PHP Local File Inclusion.This issue affects Towny: from n/a through <= 1.16.
CVE-2025-58890	2 Ancorathemes, Wordpress	2 Playful, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through <= 1.19.0.
CVE-2025-58891	2 Ancorathemes, Wordpress	2 Sanger, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Sanger sanger allows PHP Local File Inclusion.This issue affects Sanger: from n/a through <= 1.24.0.
CVE-2025-58892	2 Ancorathemes, Wordpress	2 Tourimo, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tourimo tourimo allows PHP Local File Inclusion.This issue affects Tourimo: from n/a through <= 1.2.3.
CVE-2025-58893	2 Axiomthemes, Wordpress	2 Alright, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through <= 1.6.1.
CVE-2025-58894	2 Axiomthemes, Wordpress	2 Good Mood, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through <= 1.16.
CVE-2025-58895	2 Ancorathemes, Wordpress	2 Integro, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Integro integro allows PHP Local File Inclusion.This issue affects Integro: from n/a through <= 1.8.0.
CVE-2025-58896	2 Ancorathemes, Wordpress	2 Otaku, Wordpress	2026-01-29	8.2 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through <= 1.8.0.
CVE-2025-64352	2 Wordpress, Wpdeveloper	2 Wordpress, Essential Addons For Elementor	2026-01-29	2.7 Low
Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.2.4.
CVE-2025-64368	2 Qodeinteractive, Wordpress	2 Bard, Wordpress	2026-01-29	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6.
CVE-2025-39466	3 Mikado-themes, Qodeinteractive, Wordpress	3 Dor, Dor, Wordpress	2026-01-29	9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4.
CVE-2025-68913	1 Wordpress	1 Wordpress	2026-01-29	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through <= 1.2.7.
CVE-2025-39467	3 Mikado-themes, Qodeinteractive, Wordpress	3 Wanderland, Wanderland, Wordpress	2026-01-29	9.8 Critical
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1.
CVE-2025-64224	2 Themegoods, Wordpress	2 Grand Conference, Wordpress	2026-01-29	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.

« first previous Page 8 of 484. next last »