Skip to main content
CVE-2026-21524 HIGH PATCH This Week

Azure Data Explorer exposes sensitive information to unauthenticated remote attackers through a network-accessible vulnerability requiring only user interaction. An attacker can retrieve confidential data without authorization, potentially compromising customer information stored in affected Azure deployments. No patch is currently available for this high-severity vulnerability.

Azure Azure Data Explorer
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-21521 HIGH PATCH This Week

Information disclosure in Microsoft 365 Word Copilot enables unauthenticated attackers to extract sensitive data through improper handling of escape and control sequences in network communications. The vulnerability requires user interaction to trigger and affects the Copilot AI/ML service with a CVSS score of 7.4. No patch is currently available.

Information Disclosure AI / ML 365 Word Copilot
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-0723 HIGH This Week

GitLab CE/EE versions 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 are vulnerable to two-factor authentication bypass when an attacker has knowledge of a victim's credential ID and can forge device responses. This allows an unauthenticated attacker to circumvent 2FA protections and gain unauthorized access to accounts. No patch is currently available.

Gitlab
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-67684 HIGH This Week

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. [CVSS 7.2 HIGH]

PHP RCE LFI Path Traversal Quick.Cart
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-69193 HIGH This Week

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4. [CVSS 7.3 HIGH]

WordPress PHP
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69192 HIGH This Week

Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5. [CVSS 7.3 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69191 HIGH This Week

Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7. [CVSS 7.3 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69190 HIGH This Week

Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6. [CVSS 7.3 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69188 HIGH This Week

Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1. [CVSS 7.3 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69187 HIGH This Week

Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5. [CVSS 7.3 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69186 HIGH This Week

e-plugins Hospital Doctor Directory hospital-doctor-directory is affected by missing authorization (CVSS 7.3).

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69185 HIGH This Week

Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2. [CVSS 7.3 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69184 HIGH This Week

e-plugins Institutions Directory institutions-directory is affected by missing authorization (CVSS 7.3).

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-69181 HIGH This Week

Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4. [CVSS 7.3 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-68027 HIGH This Week

Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32. [CVSS 7.3 HIGH]

Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-55705 HIGH This Week

This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. [CVSS 7.3 HIGH]

Authentication Bypass Evmapa
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-23699 HIGH This Week

Unauthenticated attackers can execute arbitrary OS commands on AP180 series devices running firmware versions before AP_RGOS 11.9(4)B1P8 through a command injection vulnerability. This allows complete system compromise including data theft, modification, and availability disruption. No patch is currently available.

Command Injection
NVD
CVSS 3.0
7.2
EPSS
0.3%
CVE-2025-68030 HIGH This Week

WP Messiah Frontis Blocks frontis-blocks is affected by server-side request forgery (ssrf) (CVSS 7.2).

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-69320 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS.This issue affects Grand Magazine: from n/a through <= 3.5.7. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69318 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hossni Mubarak JobWP jobwp allows Stored XSS.This issue affects JobWP: from n/a through <= 2.4.5. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69102 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: from n/a through <= 1.1.7. [CVSS 7.1 HIGH]

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69056 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Hotel Listing hotel-listing allows Reflected XSS.This issue affects Hotel Listing: from n/a through <= 1.4.0. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69054 HIGH This Week

highwarden Super Logos Showcase superlogoshowcase-wp is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69053 HIGH This Week

LambertGroup Universal Video Player universal-video-player is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69051 HIGH This Week

CridioStudio ListingPro Reviews listingpro-reviews is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69048 HIGH This Week

LambertGroup Universal Video Player universal-video-player is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69003 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68906 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68904 HIGH This Week

jegtheme JNews - Frontend Submit jnews-frontend-submit is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68894 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68884 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1. [CVSS 7.1 HIGH]

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68883 HIGH This Week

extremeidea bidorbuy Store Integrator bidorbuystoreintegrator is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68871 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3.0. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68866 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68864 HIGH This Week

Stored cross-site scripting in Infility Global WordPress plugin through version 2.14.50 allows remote attackers to inject malicious scripts that execute in victim browsers. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) indicates unauthenticated attackers can exploit this remotely with low complexity, requiring only victim interaction. EPSS score of 0.04% (12th percentile) suggests low probability of mass exploitation. Patchstack vulnerability database confirms this as a stored XSS vulnerability, meaning injected scripts persist and affect multiple users who view the compromised content.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68859 HIGH This Week

agmorpheus Syntax Highlighter Compress syntax-highlighter-compress is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68858 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68849 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS.This issue affects Quote Master: from n/a through <= 7.1.1. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68839 HIGH This Week

Remi Corson Easy Theme Options easy-theme-options is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68838 HIGH This Week

expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68835 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68538 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through <= 2.3.6. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68520 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through < 4.9.5. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68518 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < 6.8.9. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68041 HIGH This Week

codisto Omnichannel for WooCommerce codistoconnect is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68012 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through <= 0.10.1. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68011 HIGH This Week

GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68010 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68008 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3. [CVSS 7.1 HIGH]

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68004 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through <= 1.2.1.1. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 5 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy