Skip to main content
CVE-2025-67954 MEDIUM This Month

Dimitri Grassi Salon booking system salon-booking-system contains a security vulnerability (CVSS 6.5).

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69315 MEDIUM This Month

NSquared Simply Schedule Appointments simply-schedule-appointments is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-69095 MEDIUM This Month

designthemes Reservation Plugin dt-reservation-plugin is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68507 MEDIUM This Month

Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68072 MEDIUM This Month

Merv Barrett Easy Property Listings easy-property-listings is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68039 MEDIUM This Month

Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68020 MEDIUM This Month

Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68016 MEDIUM This Month

Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce is affected by missing authorization (CVSS 6.5).

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68009 MEDIUM This Month

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68007 MEDIUM This Month

Event Espresso Event Espresso 4 Decaf event-espresso-decaf is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68003 MEDIUM This Month

Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67942 MEDIUM This Month

peachpayments Peach Payments Gateway wc-peach-payments-gateway is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23964 MEDIUM This Month

Mastodon is a free, open-source social network server based on ActivityPub. [CVSS 6.5 MEDIUM]

Authentication Bypass Mastodon
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68073 MEDIUM This Month

Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance is affected by missing authorization (CVSS 6.5).

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68013 MEDIUM This Month

cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo is affected by missing authorization (CVSS 6.5).

WordPress Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67939 MEDIUM This Month

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.2. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24355 MEDIUM This Month

favethemes Houzez Theme - Functionality houzez-theme-functionality is affected by cross-site scripting (xss) (CVSS 5.4).

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22349 MEDIUM This Month

The Menu In Post plugin for Linux through version 1.4.1 contains a DOM-based cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into web pages viewed by other users. An attacker with user-level access can exploit this to steal session tokens, deface content, or perform actions on behalf of victims. No patch is currently available for this vulnerability.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-63026 MEDIUM This Month

ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor is affected by cross-site scripting (xss) (CVSS 5.4).

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-50005 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2. [CVSS 6.1 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68911 MEDIUM This Month

Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16. [CVSS 6.5 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-68900 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows DOM-Based XSS.This issue affects Enfold: from n/a through <= 7.1.3. [CVSS 6.5 MEDIUM]

XSS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20800 MEDIUM PATCH This Month

Gitea's notification API fails to re-validate repository access permissions when retrieving notification details, allowing users with revoked access to private repositories to continue viewing issue and pull request titles through cached notifications. An authenticated attacker can exploit this to maintain visibility into sensitive repository content after their access has been removed. A patch is available.

Information Disclosure Gitea Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20904 MEDIUM PATCH This Month

Gitea's OpenID URI visibility controls lack proper ownership validation, allowing authenticated users to modify the visibility settings of other users' OpenID identities. This integrity bypass affects any Gitea instance where multiple users manage OpenID configurations, enabling account enumeration or information disclosure through unauthorized visibility changes. A patch is available to remediate this medium-severity vulnerability.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20883 MEDIUM PATCH This Month

Gitea's stopwatch API fails to re-validate repository access permissions, allowing revoked users to access sensitive information through active stopwatch sessions. An authenticated attacker with prior access to a private repository can enumerate issue titles and repository names even after their permissions have been removed. A patch is available to enforce proper access control validation.

Authentication Bypass Gitea Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13335 MEDIUM This Month

Gitlab versions up to 18.6.4 is affected by loop with unreachable exit condition (infinite loop) (CVSS 6.5).

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-32057 MEDIUM This Month

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 - 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. [CVSS 6.5 MEDIUM]

TLS
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67961 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0. [CVSS 6.4 MEDIUM]

SSRF
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1327 LOW POC Monitor

Totolik NR1800X firmware versions up to 9.1.0u.6279_B20210910 contain a command injection vulnerability in the setTracerouteCfg function that allows authenticated remote attackers to execute arbitrary commands via malicious POST requests. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this to achieve remote code execution on affected network devices.

Command Injection Nr1800x Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.7%
CVE-2025-25051 MEDIUM This Month

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks. [CVSS 6.1 MEDIUM]

Information Disclosure
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-67683 MEDIUM This Month

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. [CVSS 6.1 MEDIUM]

XSS Quick.Cart
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-67652 MEDIUM This Month

An attacker with access to the project file could use the exposed credentials to impersonate users, escalate privileges, or gain unauthorized access to systems and services. [CVSS 6.1 MEDIUM]

Authentication Bypass
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23976 MEDIUM This Month

WP Chill Modula Image Gallery modula-best-grid-gallery is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-49336 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through <= 1.1.8.4. [CVSS 5.4 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-47500 MEDIUM This Month

Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks is affected by cross-site scripting (xss) (CVSS 5.4).

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23991 MEDIUM PATCH This Month

go-tuf is a Go implementation of The Update Framework (TUF). [CVSS 5.9 MEDIUM]

Golang Denial Of Service Go Tuf Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22388 MEDIUM This Month

Stored XSS in Owl Carousel WP through version 2.2.2 allows authenticated users with high privileges to inject malicious scripts that persist in web pages and execute in visitors' browsers. An attacker with administrative access could exploit improper input sanitization to compromise site visitor sessions or steal sensitive data. A patch is not currently available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-62077 MEDIUM This Month

SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker is affected by cross-site scripting (xss) (CVSS 5.9).

XSS
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23992 MEDIUM PATCH This Month

Signature threshold validation bypass in go-tuf versions 2.0.0 through 2.3.0 allows a compromised or misconfigured TUF repository to disable signature verification by setting thresholds to zero, enabling attackers to tamper with metadata files without detection. This affects systems relying on go-tuf for secure software update verification, potentially allowing unauthorized modifications to trusted metadata both at rest and in transit. A patch is available in version 2.3.1.

Golang Go Tuf Red Hat Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-68898 MEDIUM This Month

cjjparadoxmax Synergy Project Manager synergy-project-manager is affected by cross-site scripting (xss) (CVSS 5.8).

XSS
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-4763 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. [CVSS 5.5 MEDIUM]

XSS Hotel Guest Hotspot
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-66138 MEDIUM This Month

merkulove Motionger for Elementor motionger-elementor is affected by missing authorization (CVSS 8.8).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-66137 MEDIUM This Month

Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Elementor: from n/a through <= 1.0.3. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-66136 MEDIUM This Month

Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-66135 MEDIUM This Month

Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-62106 MEDIUM This Month

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49375 MEDIUM This Month

Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1. [CVSS 8.8 HIGH]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-66143 MEDIUM This Month

Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10. [CVSS 5.4 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66142 MEDIUM This Month

merkulove Comparimager for Elementor comparimager-elementor is affected by missing authorization (CVSS 5.4).

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66141 MEDIUM This Month

Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2. [CVSS 5.4 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
Prev Page 7 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy