Wp-crm CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-14854	2 Wordpress, Wp-crm	2 Wordpress, Wp-crm System	2026-01-14	5.4 Medium
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm_get_email_recipients and wpcrm_system_ajax_task_change_status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with subscriber level access and above, to enumerate CRM contact email addresses (PII disclosure) and modify CRM task statuses.
CVE-2024-55991	2 Wordpress, Wp-crm	2 Wordpress, Wp-crm System	2025-07-13	6.5 Medium
Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through 3.2.9.1.
CVE-2024-30434	2 Wordpress, Wp-crm	2 Wordpress, Wp-crm System	2025-07-12	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-CRM System allows Stored XSS.This issue affects WP-CRM System: from n/a through 3.2.9.
CVE-2025-47629	1 Wp-crm	1 Wp-crm System	2025-05-12	7.2 High
Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1.

Page 1 of 1.