Skip to main content
CVE-2025-41363 MEDIUM PATCH This Month

A remote code execution vulnerability in IDF (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5733 MEDIUM This Month

A security vulnerability in for WordPress is vulnerable to Full Path Disclosure in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49294 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Retrieve Embedded Sensitive Data. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-23969 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49441 MEDIUM This Month

Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49324 MEDIUM This Month

Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49320 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49270 MEDIUM This Month

Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49268 MEDIUM This Month

Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verge3D: from n/a through 4.9.4.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49241 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in bobbingwide oik (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49236 MEDIUM This Month

A security vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-31000 MEDIUM This Month

Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-30945 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in taskbuilder Taskbuilder (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-30934 MEDIUM This Month

Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a through 1.4.16.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-29006 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.3) that allows accessing functionality not properly constrained. Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-28997 MEDIUM This Month

Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-28995 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in viralloops Viral Loops WP Integration (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24763 MEDIUM This Month

Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-23971 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in whassan KI Live Video Conferences (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-48337 MEDIUM This Month

Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-41364 MEDIUM PATCH This Month

Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41365 MEDIUM PATCH This Month

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission.

RCE Code Injection
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41366 MEDIUM PATCH This Month

A remote code execution vulnerability in IDF (CVSS 5.1). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-5719 MEDIUM This Month

The wallet has an authentication bypass vulnerability that allows access to specific pages.

Authentication Bypass
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-49289 MEDIUM This Month

A security vulnerability in add-ons (CVSS 5.0). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2025-0620 MEDIUM PATCH This Month

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

Information Disclosure Path Traversal Samba
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-5760 MEDIUM This Month

The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.

WordPress Information Disclosure PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-4964 MEDIUM This Month

The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

WordPress SQLi Wp Online Users Stats PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-30976 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks allows Server Side Request Forgery. This issue affects Nexa Blocks: from n/a through 1.1.0.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-29008 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-41367 MEDIUM PATCH This Month

Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.

XSS
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-46941 MEDIUM This Month

A security vulnerability in SystemUI (CVSS 4.8) that allows access. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-49325 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Automattic Newspack Newsletters allows Phishing. This issue affects Newspack Newsletters: from n/a through 3.13.0.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-30954 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-30953 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7.

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-48904 MEDIUM This Month

CVE-2025-48904 is a security vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-5715 LOW POC Monitor

A security vulnerability in A vulnerability (CVSS 3.8). Risk factors: public PoC available.

Information Disclosure Google
NVD VulDB
CVSS 4.0
0.3
EPSS
0.1%
CVE-2025-30978 MEDIUM This Month

Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slack Notifications by dorzki: from n/a through 2.0.7.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49292 MEDIUM This Month

A security vulnerability in Cozmoslabs Profile Builder allows Phishing (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-56343 MEDIUM This Month

IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.

Denial Of Service IBM Verify Identity Access Digital Credentials
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1778 MEDIUM This Month

A security vulnerability in all (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30974 MEDIUM This Month

Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid Master: from n/a through 3.4.13.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49250 MEDIUM PATCH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a.

RCE Code Injection
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49293 MEDIUM This Month

Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49287 MEDIUM This Month

Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49272 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in sergiotrinity Trinity Audio (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49248 MEDIUM PATCH This Month

A security vulnerability in Missing Authorization vulnerability in cmoreira Team Showcase (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49246 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in cmoreira Testimonials Showcase (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-30624 MEDIUM This Month

Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-29010 MEDIUM This Month

A security vulnerability in Missing Authorization vulnerability in eleopard Behance Portfolio Manager (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 6 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy