Total
6399 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68523 | 2 Spiffyplugins, Wordpress | 2 Spiffy Calendar, Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7. | ||||
| CVE-2023-40679 | 2 Jeweltheme, Wordpress | 2 Master Addons For Elementor, Wordpress | 2025-12-29 | 6.5 Medium |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3. | ||||
| CVE-2025-68571 | 2 Salesmanago, Wordpress | 2 Salesmanago, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3.9.0. | ||||
| CVE-2025-68581 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in YITHEMES YITH Slider for page builders yith-slider-for-page-builders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH Slider for page builders: from n/a through <= 1.0.11. | ||||
| CVE-2025-68522 | 2 Wordpress, Wpstream | 2 Wordpress, Wpstream | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5. | ||||
| CVE-2025-68578 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4. | ||||
| CVE-2025-68569 | 2 Codepeople, Wordpress | 2 Wp Time Slots Booking Form, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.38. | ||||
| CVE-2025-68572 | 2 Spider-themes, Wordpress | 2 Bbp Core, Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Spider Themes BBP Core bbp-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BBP Core: from n/a through <= 1.4.1. | ||||
| CVE-2025-68608 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9. | ||||
| CVE-2025-68521 | 2 Wordpress, Wpstream | 2 Wordpress, Wpstream | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5. | ||||
| CVE-2025-68575 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Wappointment team Wappointment wappointment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wappointment: from n/a through <=2.7.2. | ||||
| CVE-2025-68577 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6. | ||||
| CVE-2025-68589 | 2 Wordpress, Wpsocio | 2 Wordpress, Wp Telegram Widget And Join Link | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through <= 2.2.11. | ||||
| CVE-2025-68593 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1. | ||||
| CVE-2025-68587 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5. | ||||
| CVE-2025-68585 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2. | ||||
| CVE-2025-68592 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.8 High |
| Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1. | ||||
| CVE-2025-68594 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 8.1 High |
| Missing Authorization vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through <= 19.12.1. | ||||
| CVE-2025-15066 | 2025-12-29 | 6.2 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed (ex: innorix/exam) | ||||
| CVE-2025-68920 | 2025-12-29 | 8.9 High | ||
| C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system. | ||||