Total
269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67948 | 2 Sendpulse, Wordpress | 2 Sendpulse Email Marketing Newsletter, Wordpress | 2025-12-16 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data.This issue affects SendPulse Email Marketing Newsletter: from n/a through <= 2.2.1. | ||||
| CVE-2025-14712 | 1 Jhenggao | 1 Student Learning Assessment And Support System | 2025-12-15 | 7.5 High |
| Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain test accounts and password. | ||||
| CVE-2025-58015 | 2 Ays-pro, Wordpress | 2 Quiz Maker, Wordpress | 2025-12-12 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61. | ||||
| CVE-2025-67717 | 1 Zitadel | 1 Zitadel | 2025-12-12 | N/A |
| ZITADEL is an open-source identity infrastructure tool. Versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1 disclose the total number of instance users to authenticated users, regardless of their specific permissions. While this does not leak individual user data or PII, disclosing the total user count via the totalResult field constitutes an information disclosure vulnerability that may be sensitive in certain contexts. This issue is fixed in versions 3.4.5 and 4.7.2. | ||||
| CVE-2025-67470 | 2 Essentialplugin, Wordpress | 2 Portfolio And Projects, Wordpress | 2025-12-10 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Essential Plugin Portfolio and Projects portfolio-and-projects allows Retrieve Embedded Sensitive Data.This issue affects Portfolio and Projects: from n/a through <= 1.5.5. | ||||
| CVE-2025-62737 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in opicron Image Cleanup image-cleanup allows Retrieve Embedded Sensitive Data.This issue affects Image Cleanup: from n/a through <= 1.9.2. | ||||
| CVE-2025-62735 | 2 Joelhardi, Wordpress | 2 User Spam Remover, Wordpress | 2025-12-10 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Joel User Spam Remover user-spam-remover allows Retrieve Embedded Sensitive Data.This issue affects User Spam Remover: from n/a through <= 1.1. | ||||
| CVE-2025-67564 | 2 Alekv, Wordpress | 2 Pixel Manager For Woocommerce, Wordpress | 2025-12-10 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1. | ||||
| CVE-2025-67565 | 2 Sizam Design, Wordpress | 2 Rehub, Wordpress | 2025-12-10 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1. | ||||
| CVE-2025-67567 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11. | ||||
| CVE-2025-63009 | 2 Wordpress, Yuvalo | 2 Wordpress, Wp Google Analytics Events | 2025-12-10 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics Events: from n/a through <= 2.8.2. | ||||
| CVE-2025-63013 | 2 Thimpress, Wordpress | 2 Wp Hotel Booking, Wordpress | 2025-12-10 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7. | ||||
| CVE-2025-63070 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2025-12-10 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve Embedded Sensitive Data.This issue affects Download Manager: from n/a through <= 3.3.32. | ||||
| CVE-2025-63058 | 2 Hiroaki Miyashita, Wordpress | 2 Custom Field Template, Wordpress | 2025-12-10 | 4.4 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Retrieve Embedded Sensitive Data.This issue affects Custom Field Template: from n/a through <= 2.7.4. | ||||
| CVE-2025-66059 | 3 Castos, Craig Hewitt, Wordpress | 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress | 2025-12-04 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | ||||
| CVE-2025-36112 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-12-01 | 5.3 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user. | ||||
| CVE-2025-64061 | 1 Primakon | 2 Pi Portal, Project Contract Management | 2025-12-01 | 4.3 Medium |
| Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level (including standard or low-privileged users), can make a GET request to this endpoint and retrieve a complete, unfiltered list of all registered application users. Crucially, the API response body for this endpoint includes password hashes. | ||||
| CVE-2025-66056 | 2 Uncannyowl, Wordpress | 2 Uncanny Automator, Wordpress | 2025-11-24 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0. | ||||
| CVE-2025-36160 | 1 Ibm | 1 Concert | 2025-11-21 | 5.3 Medium |
| IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. | ||||
| CVE-2025-53862 | 1 Redhat | 1 Ansible Automation Platform | 2025-11-21 | 3.5 Low |
| A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information. | ||||