CVEs and Security Vulnerabilities

Search

Switch to Advanced Search (Beta)

Total 321612 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62871	1 Wordpress	1 Wordpress	2025-12-10	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / JustCoded Just TinyMCE Custom Styles just-tinymce-styles allows Cross Site Request Forgery.This issue affects Just TinyMCE Custom Styles: from n/a through <= 1.2.1.
CVE-2025-67584	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in rtCamp GoDAM godam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDAM: from n/a through <= 1.4.6.
CVE-2025-63052	2 Gallerycreator, Wordpress	2 Simply Gallery, Wordpress	2025-12-10	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Stored XSS.This issue affects SimpLy Gallery: from n/a through <= 3.2.8.
CVE-2025-67589	2 Wordpress, Wpovernight	2 Wordpress, Woocommerce Pdf Invoices\& Packing Slips	2025-12-10	4.3 Medium
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1.
CVE-2025-62102	2 Apasionados, Wordpress	2 Dofollow Case By Case, Wordpress	2025-12-10	N/A
Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through <= 3.5.1.
CVE-2025-62873	2 Flashyapp, Wordpress	2 Wp Flashy Marketing Automation, Wordpress	2025-12-10	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Flashyapp WP Flashy Marketing Automation wp-flashy-marketing-automation allows Cross Site Request Forgery.This issue affects WP Flashy Marketing Automation: from n/a through <= 2.0.8.
CVE-2025-67577	1 Wordpress	1 Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20.
CVE-2025-63011	2 Thimpress, Wordpress	2 Wp Hotel Booking, Wordpress	2025-12-10	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.
CVE-2025-67594	3 Elementor, Thimpress, Wordpress	3 Elementor, Thim Elementor Kit, Wordpress	2025-12-10	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.3.3.
CVE-2025-62151	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2025-12-10	N/A
Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through <= 3.6.3.
CVE-2025-63049	2 Cridio, Wordpress	2 Listingpro Lead Form, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in CridioStudio ListingPro Lead Form listingpro-lead-form allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ListingPro Lead Form: from n/a through <= 1.0.2.
CVE-2025-63007	2 Metagauss, Wordpress	2 Eventprime, Wordpress	2025-12-10	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1.
CVE-2025-63006	2 Metagauss, Wordpress	2 Eventprime, Wordpress	2025-12-10	N/A
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1.
CVE-2025-67596	2 Strategy11, Wordpress	2 Business Directory Plugin, Wordpress	2025-12-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19.
CVE-2025-62736	1 Wordpress	1 Wordpress	2025-12-10	N/A
Missing Authorization vulnerability in opicron Image Cleanup image-cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Cleanup: from n/a through <= 1.9.2.
CVE-2025-67590	2 Rustaurius, Wordpress	2 Ultimate Faq, Wordpress	2025-12-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3.
CVE-2025-63015	3 Paysera, Woocommerce, Wordpress	3 Woocommerce Payment Gateway, Woocommerce, Wordpress	2025-12-10	N/A
Missing Authorization vulnerability in paysera WooCommerce Payment Gateway – Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway – Paysera: from n/a through <= 3.9.0.
CVE-2025-62995	2 Multiparcels, Wordpress	2 Multiparcels Shipping For Woocommerce, Wordpress	2025-12-10	N/A
Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerce: from n/a through <= 1.30.12.
CVE-2025-62082	1 Wordpress	1 Wordpress	2025-12-10	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects Generic Elements: from n/a through <= 1.2.8.
CVE-2025-67581	2 Themetechmount, Wordpress	2 Truebooker, Wordpress	2025-12-10	5.3 Medium
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.0.

« first previous Page 21 of 16081. next last »