Skip to main content
CVE-2025-68508 MEDIUM This Month

Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68594 MEDIUM This Month

Broken access control in Opinion Stage Poll, Survey & Quiz Maker Plugin for WordPress versions through 19.12.0 allows authenticated attackers with low-level privileges to bypass authorization checks and access or modify high-sensitivity data. The vulnerability (CWE-862: Missing Authorization) enables privilege escalation through improperly configured access control mechanisms. EPSS probability is low at 0.04% (13th percentile), and no public exploit identified at time of analysis, though authentication bypass tags indicate established attack patterns exist for this vulnerability class.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68589 MEDIUM This Month

Broken access control in WP Telegram Widget and Join Link plugin versions up to 2.2.12 allows authenticated users with low privileges to bypass authorization checks and access high-sensitivity configuration or data. The vulnerability enables unauthorized read and write operations (CVSS C:H/I:H) without requiring user interaction. EPSS score of 0.04% suggests low observed exploitation probability, and no public exploit code or active exploitation (CISA KEV) has been identified at time of analysis.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68579 MEDIUM This Month

Missing Authorization vulnerability in FolioVision FV Simpler SEO fv-all-in-one-seo-pack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FV Simpler SEO: from n/a through <= 1.9.6.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68578 MEDIUM This Month

Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68568 MEDIUM This Month

Missing authorization in Claspo WordPress plugin through version 1.0.7 allows unauthenticated remote attackers to modify data via incorrectly configured access controls. With CVSS 7.5 (High integrity impact) but only 0.04% EPSS probability, this represents elevated exposure in vulnerable installations despite low observed exploitation likelihood. No public exploit identified at time of analysis, though the authentication bypass tag indicates potential for unauthorized actions without credentials.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-68516 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.

Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-68600 MEDIUM This Month

Server-Side Request Forgery in WordPress Link Library plugin versions up to 7.8.7 allows unauthenticated remote attackers to make arbitrary HTTP requests from the server, potentially accessing internal resources, cloud metadata endpoints, or conducting reconnaissance of internal network infrastructure. CVSS score of 9.1 indicates high severity, though EPSS of 0.04% (14th percentile) suggests limited observed exploitation attempts. No active exploitation confirmed (not in CISA KEV) and no public exploit identified at time of analysis.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-68500 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider - Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider - Addons For Elementor: from n/a through <= 4.0.10.

SSRF
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-68592 MEDIUM This Month

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-68577 MEDIUM This Month

Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-68522 MEDIUM This Month

Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-68576 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67621 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a through <= 1.2.5.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68535 MEDIUM This Month

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68588 MEDIUM This Month

Access control bypass in TS Poll WordPress plugin (versions ≤2.5.5) allows low-privileged authenticated users to escalate privileges and gain unauthorized read/write access to poll data. Attackers with basic subscriber accounts can exploit misconfigured authorization checks to access or modify content beyond their intended permission level. EPSS exploitation probability is low (0.04%, 13th percentile), with no public exploit identified at time of analysis, suggesting limited immediate risk despite the 8.1 CVSS score.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68587 MEDIUM This Month

Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68523 MEDIUM This Month

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spiffy Calendar: from n/a through <= 5.0.7.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-28619 MEDIUM This Month

Missing Authorization vulnerability in bnayawpguy Resoto resoto allows Exploiting Incorrectly Configured Access Control Security Levels.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68584 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows Cross Site Request Forgery.This issue affects Vimeotheque: from n/a through <= 2.3.5.2.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68583 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tikweb Management Fast User Switching fast-user-switching allows Cross Site Request Forgery.This issue affects Fast User Switching: from n/a through <= 1.4.10.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68580 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in pluginsware Advanced Classifieds & Directory Pro advanced-classifieds-and-directory-pro allows Cross Site Request Forgery.This issue affects Advanced Classifieds & Directory Pro: from n/a through <= 3.2.9.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68529 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Cross Site Request Forgery.This issue affects WP Email Capture: from n/a through <= 3.12.5.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-67625 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in tmtraderunner Trade Runner traderunner allows Cross Site Request Forgery.This issue affects Trade Runner: from n/a through <= 3.14.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy