Skip to main content
CVE-2025-68013 MEDIUM This Month

cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo is affected by missing authorization (CVSS 6.5).

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67939 MEDIUM This Month

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.2. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24355 MEDIUM This Month

favethemes Houzez Theme - Functionality houzez-theme-functionality is affected by cross-site scripting (xss) (CVSS 5.4).

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22349 MEDIUM This Month

The Menu In Post plugin for Linux through version 1.4.1 contains a DOM-based cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into web pages viewed by other users. An attacker with user-level access can exploit this to steal session tokens, deface content, or perform actions on behalf of victims. No patch is currently available for this vulnerability.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63026 MEDIUM This Month

ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor is affected by cross-site scripting (xss) (CVSS 5.4).

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50005 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2. [CVSS 6.1 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68911 MEDIUM This Month

Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68900 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows DOM-Based XSS.This issue affects Enfold: from n/a through <= 7.1.3. [CVSS 6.5 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20800 MEDIUM PATCH This Month

Gitea's notification API fails to re-validate repository access permissions when retrieving notification details, allowing users with revoked access to private repositories to continue viewing issue and pull request titles through cached notifications. An authenticated attacker can exploit this to maintain visibility into sensitive repository content after their access has been removed. A patch is available.

Information Disclosure Gitea Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20904 MEDIUM PATCH This Month

Gitea's OpenID URI visibility controls lack proper ownership validation, allowing authenticated users to modify the visibility settings of other users' OpenID identities. This integrity bypass affects any Gitea instance where multiple users manage OpenID configurations, enabling account enumeration or information disclosure through unauthorized visibility changes. A patch is available to remediate this medium-severity vulnerability.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20883 MEDIUM PATCH This Month

Gitea's stopwatch API fails to re-validate repository access permissions, allowing revoked users to access sensitive information through active stopwatch sessions. An authenticated attacker with prior access to a private repository can enumerate issue titles and repository names even after their permissions have been removed. A patch is available to enforce proper access control validation.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13335 MEDIUM This Month

Gitlab versions up to 18.6.4 is affected by loop with unreachable exit condition (infinite loop) (CVSS 6.5).

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-32057 MEDIUM This Month

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 - 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. [CVSS 6.5 MEDIUM]

TLS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67961 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0. [CVSS 6.4 MEDIUM]

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-25051 MEDIUM This Month

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks. [CVSS 6.1 MEDIUM]

Information Disclosure
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-67683 MEDIUM This Month

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. [CVSS 6.1 MEDIUM]

XSS Quick.Cart
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-67652 MEDIUM This Month

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. [CVSS 6.1 MEDIUM]

Authentication Bypass
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23976 MEDIUM This Month

WP Chill Modula Image Gallery modula-best-grid-gallery is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-49336 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through <= 1.1.8.4. [CVSS 5.4 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-47500 MEDIUM This Month

Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks is affected by cross-site scripting (xss) (CVSS 5.4).

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23991 MEDIUM PATCH This Month

go-tuf is a Go implementation of The Update Framework (TUF). [CVSS 5.9 MEDIUM]

Golang Denial Of Service Go Tuf Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22388 MEDIUM This Month

Stored XSS in Owl Carousel WP through version 2.2.2 allows authenticated users with high privileges to inject malicious scripts that persist in web pages and execute in visitors' browsers. An attacker with administrative access could exploit improper input sanitization to compromise site visitor sessions or steal sensitive data. A patch is not currently available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-62077 MEDIUM This Month

SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker is affected by cross-site scripting (xss) (CVSS 5.9).

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23992 MEDIUM PATCH This Month

Signature threshold validation bypass in go-tuf versions 2.0.0 through 2.3.0 allows a compromised or misconfigured TUF repository to disable signature verification by setting thresholds to zero, enabling attackers to tamper with metadata files without detection. This affects systems relying on go-tuf for secure software update verification, potentially allowing unauthorized modifications to trusted metadata both at rest and in transit. A patch is available in version 2.3.1.

Golang Go Tuf Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-68898 MEDIUM This Month

cjjparadoxmax Synergy Project Manager synergy-project-manager is affected by cross-site scripting (xss) (CVSS 5.8).

XSS
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-4763 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. [CVSS 5.5 MEDIUM]

XSS Hotel Guest Hotspot
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-66138 MEDIUM This Month

merkulove Motionger for Elementor motionger-elementor is affected by missing authorization (CVSS 8.8).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-66137 MEDIUM This Month

Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-66136 MEDIUM This Month

Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-66135 MEDIUM This Month

Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-62106 MEDIUM This Month

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49375 MEDIUM This Month

Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-66143 MEDIUM This Month

Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10. [CVSS 5.4 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66142 MEDIUM This Month

merkulove Comparimager for Elementor comparimager-elementor is affected by missing authorization (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66141 MEDIUM This Month

Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2. [CVSS 5.4 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66139 MEDIUM This Month

Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9. [CVSS 5.4 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62741 MEDIUM This Month

Pool Services WordPress plugin has a Server-Side Request Forgery vulnerability allowing attackers to make the server perform arbitrary HTTP requests to internal and external targets.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22358 MEDIUM This Month

SmartDataSoft Electrician - Electrical Service WordPress electrician is affected by server-side request forgery (ssrf) (CVSS 5.4).

WordPress SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22430 MEDIUM This Month

Mikado-Themes Verdure verdure is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22426 MEDIUM This Month

Elated-Themes Sweet Jane sweetjane is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22400 MEDIUM This Month

Mikado-Themes Holmes holmes is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22398 MEDIUM This Month

Mikado-Themes Fleur fleur is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22396 MEDIUM This Month

Mikado-Themes Fiorello fiorello is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22393 MEDIUM This Month

Mikado-Themes Curly curly is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22391 MEDIUM This Month

Mikado-Themes Cocco cocco is affected by authorization bypass through user-controlled key (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-69300 MEDIUM This Month

Leap13 Premium Addons for Elementor premium-addons-for-elementor is affected by missing authorization (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66140 MEDIUM This Month

Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5. [CVSS 5.4 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-24381 MEDIUM This Month

ThemeGoods PhotoMe versions below 5.7.2 contain a server-side request forgery vulnerability that allows unauthenticated attackers to perform arbitrary HTTP requests on behalf of the affected server. The vulnerability requires user interaction to exploit and can lead to information disclosure or unintended modifications on the target system. No patch is currently available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-22382 MEDIUM This Month

Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends is affected by cross-site request forgery (csrf) (CVSS 5.4).

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-24384 MEDIUM This Month

The Merge + Minify + Refresh WordPress plugin through version 2.14 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users. An attacker can craft malicious requests to trick site administrators into executing unintended operations, potentially compromising website functionality or configuration. No patch is currently available for this vulnerability.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy