Total
6399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36902 | 1 Medivision | 3 Digital Signage, Medivision Digital Signage, Medivision Digital Signage Firmware | 2025-12-30 | 9.8 Critical |
| UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication. | ||||
| CVE-2025-6205 | 1 3ds | 1 Delmia Apriso | 2025-12-30 | 9.1 Critical |
| A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application. | ||||
| CVE-2025-68505 | 2 H5p, Wordpress | 2 H5p, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1. | ||||
| CVE-2025-68508 | 2 Brave, Wordpress | 2 Brave Popup Builder, Wordpress | 2025-12-29 | 9.1 Critical |
| Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3. | ||||
| CVE-2025-68591 | 2 Mitchell Bennis, Wordpress | 2 Simple File List, Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in Mitchell Bennis Simple File List simple-file-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple File List: from n/a through <= 6.1.15. | ||||
| CVE-2025-68595 | 2 Trustindex, Wordpress | 2 Widgets For Social Photo Feed, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Trustindex Widgets for Social Photo Feed social-photo-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widgets for Social Photo Feed: from n/a through <= 1.7.7. | ||||
| CVE-2025-68588 | 2 Total-soft, Wordpress | 2 Ts Poll, Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in totalsoft TS Poll poll-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Poll: from n/a through <= 2.5.3. | ||||
| CVE-2025-68586 | 2 Goratech, Wordpress | 2 Cooked, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.2. | ||||
| CVE-2025-68511 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2025-12-29 | 9.1 Critical |
| Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1. | ||||
| CVE-2025-68582 | 2 Funnelforms, Wordpress | 3 Funnelforms, Funnelforms Free, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8. | ||||
| CVE-2025-68517 | 2 Essekia, Wordpress | 2 Tablesome Table, Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1. | ||||
| CVE-2025-68568 | 2 Popup Builder, Wordpress | 2 Popup Builder, Wordpress | 2025-12-29 | 7.5 High |
| Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker: from n/a through <= 1.0.5. | ||||
| CVE-2025-68596 | 2 Bitapps, Wordpress | 2 Bit Assist, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11. | ||||
| CVE-2025-14913 | 2 Wordpress, Wpshuffle | 2 Wordpress, Frontend Post Submission Manager | 2025-12-29 | 5.3 Medium |
| The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'media_delete_action' function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to delete arbitrary attachments. | ||||
| CVE-2025-68565 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 9.8 Critical |
| Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3. | ||||
| CVE-2023-28619 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 4.3 Medium |
| Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8. | ||||
| CVE-2025-68535 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2025-12-29 | 9.1 Critical |
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1. | ||||
| CVE-2025-68579 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6. | ||||
| CVE-2025-68523 | 2 Spiffyplugins, Wordpress | 2 Spiffy Calendar, Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7. | ||||
| CVE-2023-40679 | 2 Jeweltheme, Wordpress | 2 Master Addons For Elementor, Wordpress | 2025-12-29 | 6.5 Medium |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3. | ||||