Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,821
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,361 - 12,380 of 13,433 CVEs
CVE-2025-69292 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.

Vendor: e-plugins
Product: WP Membership
Published: Jan 22, 2026
Source: NVD
CVE-2025-69193 HIGH - 7.3

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4.

Vendor: e-plugins
Product: WP Membership
Published: Jan 22, 2026
Source: NVD
CVE-2025-69192 HIGH - 7.3

Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.

Vendor: e-plugins
Product: Real Estate Pro
Published: Jan 22, 2026
Source: NVD
CVE-2025-69191 HIGH - 7.3

Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.

Vendor: e-plugins
Product: ListingHub
Published: Jan 22, 2026
Source: NVD
CVE-2025-69190 HIGH - 7.3

Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6.

Vendor: e-plugins
Product: Listihub
Published: Jan 22, 2026
Source: NVD
CVE-2025-69188 HIGH - 7.3

Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1.

Vendor: e-plugins
Product: fitness-trainer
Published: Jan 22, 2026
Source: NVD
CVE-2025-69187 HIGH - 7.3

Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.

Vendor: e-plugins
Product: Final User
Published: Jan 22, 2026
Source: NVD
CVE-2025-69186 HIGH - 7.3

Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.

Vendor: e-plugins
Product: Hospital Doctor Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-69185 HIGH - 7.3

Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.

Vendor: e-plugins
Product: Hotel Listing
Published: Jan 22, 2026
Source: NVD
CVE-2025-69184 HIGH - 7.3

Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4.

Vendor: e-plugins
Product: Institutions Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-69183 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.

Vendor: e-plugins
Product: Hospital Doctor Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-69182 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4.

Vendor: e-plugins
Product: Institutions Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-69181 HIGH - 7.3

Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.

Vendor: e-plugins
Product: Lawyer Directory
Published: Jan 22, 2026
Source: NVD
CVE-2025-69180 HIGH - 8.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra Portfolio: from n/a through <= 6.7.

Vendor: themepassion
Product: Ultra Portfolio
Published: Jan 22, 2026
Source: NVD
CVE-2025-69102 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boopathi Rajan WP Test Email wp-test-email allows Reflected XSS.This issue affects WP Test Email: from n/a through <= 1.1.7.

Vendor: Boopathi Rajan
Product: WP Test Email
Published: Jan 22, 2026
Source: NVD
CVE-2025-69100 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through <= 5.7.5.

Vendor: fuelthemes
Product: North
Published: Jan 22, 2026
Source: NVD
CVE-2025-69099 HIGH - 8.6

Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through <= 5.7.5.

Vendor: fuelthemes
Product: North
Published: Jan 22, 2026
Source: NVD
CVE-2025-69097 HIGH - 8.6

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4.

Vendor: VibeThemes
Product: WPLMS
Published: Jan 22, 2026
Source: NVD
CVE-2025-69077 HIGH - 8.2

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hobo hobo allows PHP Local File Inclusion.This issue affects Hobo: from n/a through <= 1.0.10.

Vendor: AncoraThemes
Product: Hobo
Published: Jan 22, 2026
Source: NVD
CVE-2025-69076 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion.This issue affects Modern Housewife: from n/a through <= 1.0.12.

Vendor: AncoraThemes
Product: Modern Housewife
Published: Jan 22, 2026
Source: NVD