Filtered by vendor Wordpress
Subscriptions
Filtered by product Wordpress
Subscriptions
Total
11955 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31643 | 2 Dasinfomedia, Wordpress | 2 Wpchurch Church Management System, Wordpress | 2026-04-28 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. | ||||
| CVE-2025-31642 | 2 Dasinfomedia, Wordpress | 2 Wpchurch Church Management System, Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0. | ||||
| CVE-2025-31639 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7. | ||||
| CVE-2025-31632 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7. | ||||
| CVE-2025-31630 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1. | ||||
| CVE-2025-31593 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OpenMenu OpenMenu allows Stored XSS. This issue affects OpenMenu: from n/a through 3.5. | ||||
| CVE-2025-31430 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1. | ||||
| CVE-2025-31418 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6. | ||||
| CVE-2025-31409 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a. | ||||
| CVE-2025-31398 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7. | ||||
| CVE-2025-31101 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS.This issue affects VaultRE Contact Form 7: from n/a through 1.0. | ||||
| CVE-2025-31100 | 2 Mojoomla, Wordpress | 2 School Management, Wordpress | 2026-04-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02-07-2025). | ||||
| CVE-2025-31069 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4. | ||||
| CVE-2025-31068 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4. | ||||
| CVE-2025-31067 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4. | ||||
| CVE-2025-31065 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4. | ||||
| CVE-2025-31054 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. | ||||
| CVE-2025-31051 | 2 Engotheme, Wordpress | 2 Plant, Wordpress | 2026-04-28 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0. | ||||
| CVE-2025-31048 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4. | ||||
| CVE-2025-31047 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0. | ||||