Skip to main content
CVE-2025-69298 HIGH This Week

Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4. [CVSS 7.5 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68048 HIGH This Week

XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite is affected by missing authorization (CVSS 7.5).

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-67994 HIGH This Week

Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3.3. [CVSS 7.5 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68051 HIGH This Week

Shiprocket Shiprocket shiprocket is affected by authorization bypass through user-controlled key (CVSS 7.4).

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69394 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through <= 026.02.10.20. [CVSS 7.5 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69393 HIGH This Week

Missing Authorization vulnerability in Jthemes Exzo exzo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Exzo: from n/a through <= 1.2.4. [CVSS 7.5 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-69297 HIGH This Week

Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19. [CVSS 7.5 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-67974 HIGH This Week

Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4. [CVSS 7.5 HIGH]

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-26048 HIGH This Week

Wi-Fi routers lacking management frame protection are susceptible to forged deauthentication and disassociation attacks, enabling unauthenticated remote attackers to disconnect legitimate users and disrupt network availability. This vulnerability allows attackers to broadcast spoofed wireless management frames without credentials, creating denial-of-service conditions affecting all connected devices. No patch is currently available for this high-severity issue.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22383 HIGH This Week

Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends is affected by authorization bypass through user-controlled key (CVSS 5.4).

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24455 HIGH This Week

HTTP Basic Authentication over unencrypted connections in the device's embedded web interface allows attackers on the same network to passively intercept and capture user credentials. This cleartext transmission of authentication data exposes administrative access to network-based eavesdropping attacks. The lack of HTTPS/TLS support creates a significant credential compromise risk for affected devices with no available patch.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68834 HIGH This Week

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet &#8211; Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet &#8211; Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.

WordPress Authentication Bypass Google
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2045 HIGH PATCH This Week

Out-of-bounds write in GIMP 3.0.6's XWD (X Window Dump) image file parser allows remote attackers to execute arbitrary code in the context of the user running GIMP, provided the victim is lured into opening a malicious XWD file or visiting a page that delivers one. The CVSS 3.1 vector (AV:L/UI:R) shows this is not a remote-network attack but a user-interaction-driven file-parsing flaw, scored 7.3 (High). There is no public exploit identified at time of analysis, and EPSS is very low (0.08%, 23rd percentile), consistent with an attack that depends on social engineering rather than mass automation.

RCE Gimp Buffer Overflow Memory Corruption
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-68022 HIGH This Week

soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce is affected by missing authorization (CVSS 6.3).

WordPress Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-2040 HIGH This Week

PDF-XChange Editor's TrackerUpdate process loads libraries from an unsecured location, enabling local attackers with low-privileged code execution to escalate privileges and run arbitrary code with elevated permissions. This high-severity vulnerability (CVSS 7.3) affects systems where an attacker has already gained initial code execution access. No patch is currently available.

Privilege Escalation
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2025-69378 HIGH This Week

XforWooCommerce Product Filter for WooCommerce prdctfltr contains a security vulnerability (CVSS 7.3).

WordPress Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-69299 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8. [CVSS 7.2 HIGH]

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-69381 HIGH This Week

vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor is affected by missing authorization (CVSS 7.1).

WordPress PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27072 HIGH This Week

PixelYourSite plugin versions up to 11.2.0.1 contain a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into web pages without authentication. An attacker can exploit this to execute arbitrary JavaScript in the browsers of site visitors, potentially stealing session data or performing unauthorized actions on behalf of users. No patch is currently available for this vulnerability.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24955 HIGH This Week

Reflected cross-site scripting in fox-themes Whizz Plugins version 1.9 and earlier allows unauthenticated remote attackers to inject malicious scripts into web pages viewed by victims, potentially leading to session hijacking, credential theft, or malware distribution. The vulnerability requires user interaction to trigger and can affect all visitors to a compromised site due to its cross-site impact. No patch is currently available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24949 HIGH This Week

DOM-based cross-site scripting in ThemeGoods PhotoMe through version 5.7.1 enables attackers to inject malicious scripts that execute in users' browsers without authentication. An attacker can exploit this vulnerability to steal sensitive data, hijack user sessions, or perform unauthorized actions on behalf of affected users. No patch is currently available, and exploitation requires user interaction to trigger the payload.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24948 HIGH This Week

Reflected XSS in fox-themes Reflector plugin versions up to 1.2.2 enables attackers to inject malicious scripts into web pages viewed by victims, potentially allowing theft of session cookies, credentials, or sensitive data through user interaction. The vulnerability requires no authentication and can spread across security boundaries, affecting all users who click malicious links. No patch is currently available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24943 HIGH This Week

Reflected cross-site scripting in ThemeGoods Grand Conference up to version 5.3.4 enables attackers to inject malicious scripts into web pages viewed by users, potentially stealing session data or performing actions on their behalf. The vulnerability requires user interaction to trigger but can be exploited remotely without authentication. No patch is currently available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-22357 HIGH This Week

Reflected cross-site scripting in Link Whisper Free through version 0.9.0 allows unauthenticated attackers to inject malicious scripts into web pages viewed by other users. Exploitation requires user interaction (clicking a malicious link) but can lead to session hijacking, credential theft, and unauthorized actions performed on behalf of victims. No patch is currently available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-22352 HIGH This Week

PersianScript Persian Woocommerce SMS persian-woocommerce-sms is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69392 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iMoney imoney allows Reflected XSS.This issue affects iMoney: from n/a through <= 0.36. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69391 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Diamond diamond allows Reflected XSS.This issue affects Diamond: from n/a through <= 2.4.8. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69390 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Business Template Blocks for WPBakery (Visual Composer) Page Builder templates-and-addons-for-wpbakery-page-builder allows Reflected XSS.This issue affects Business Template Blocks for WPBakery (Visual Composer) Page Builder: from n/a through <= 1.3.2. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69389 HIGH This Week

Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69386 HIGH This Week

realvirtualmx RVCFDI para Woocommerce rvcfdi-para-woocommerce is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69384 HIGH This Week

wpdiscover Timeline Event History timeline-event-history is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69368 HIGH This Week

GT3themes SOHO - Photography WordPress Theme soho is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69367 HIGH This Week

GT3themes Oyster - Photography WordPress Theme oyster is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69330 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through < 1.4.1. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69326 HIGH This Week

Basix NEX-Forms nex-forms-express-wp-form-builder is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69324 HIGH This Week

Basix NEX-Forms nex-forms-express-wp-form-builder is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69323 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2. [CVSS 7.1 HIGH]

WordPress Industrial XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69302 HIGH This Week

designthemes DesignThemes Core Features designthemes-core-features is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-69296 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through <= 4.6.3. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68880 HIGH This Week

peterwsterling Simple Archive Generator simple-archive-generator is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68863 HIGH This Week

Zack Katz iContact for Gravity Forms gravity-forms-icontact is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68856 HIGH This Week

keeswolters Mopinion Feedback Form mopinion-feedback-form is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68854 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through <= 2.1.2. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68852 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.9. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68848 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr cron manager amr-cron-manager allows Reflected XSS.This issue affects amr cron manager: from n/a through <= 2.3. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68847 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through <= 0.72. [CVSS 7.1 HIGH]

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68846 HIGH This Week

Paris Holley Asynchronous Javascript asynchronous-javascript is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68845 HIGH This Week

aThemeArt Translations eDS Responsive Menu eds-responsive-menu is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68844 HIGH This Week

DaleAB Membee Login membees-member-login-widget is affected by cross-site scripting (xss) (CVSS 7.1).

XSS
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-68843 HIGH This Week

Bas Schuiling FeedWordPress Advanced Filters faf is affected by cross-site scripting (xss) (CVSS 7.1).

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.0%
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy