Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,838
Quick preset (or use dates below)
Clear Filters
Showing 13,241 - 13,260 of 14,728 CVEs
CVE-2025-68072 MEDIUM - 6.5

Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17.

Vendor: Merv Barrett
Product: Easy Property Listings
Published: Jan 22, 2026
Source: NVD
CVE-2025-68046 MEDIUM - 6.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0...

Vendor: ThemeHunk
Product: Contact Form & Lead Form Elementor Builder
Published: Jan 22, 2026
Source: NVD
CVE-2025-68039 MEDIUM - 6.5

Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0.

Vendor: Chris Simmons
Product: WP BackItUp
Published: Jan 22, 2026
Source: NVD
CVE-2025-68020 MEDIUM - 6.5

Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12.

Vendor: WANotifier
Product: WANotifier
Published: Jan 22, 2026
Source: NVD
CVE-2025-68019 MEDIUM - 6.5

Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.

Vendor: cleverplugins
Product: SEO Booster
Published: Jan 22, 2026
Source: NVD
CVE-2025-68016 MEDIUM - 6.5

Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2.

Vendor: Onepay Sri Lanka
Product: onepay Payment Gateway For WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-68013 MEDIUM - 6.5

Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a through <= 2.1.2.

Vendor: cardpaysolutions
Product: Payment Gateway Authorize.Net CIM for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-68009 MEDIUM - 6.5

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3.

Vendor: Codeless
Product: Slider Templates
Published: Jan 22, 2026
Source: NVD
CVE-2025-68007 MEDIUM - 6.5

Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf.

Vendor: Event Espresso
Product: Event Espresso 4 Decaf
Published: Jan 22, 2026
Source: NVD
CVE-2025-68006 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.

Vendor: Deetronix
Product: Booking Ultra Pro
Published: Jan 22, 2026
Source: NVD
CVE-2025-68003 MEDIUM - 6.5

Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10.

Vendor: renatoatshown
Product: Shown Connector
Published: Jan 22, 2026
Source: NVD
CVE-2025-67961 MEDIUM - 6.4

Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0.

Vendor: Marco van Wieren
Product: WPO365
Published: Jan 22, 2026
Source: NVD
CVE-2025-67958 MEDIUM - 6.5

Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8.

Vendor: Taxcloud
Product: TaxCloud for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-67954 MEDIUM - 6.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3.

Vendor: Dimitri Grassi
Product: Salon booking system
Published: Jan 22, 2026
Source: NVD
CVE-2025-67942 MEDIUM - 6.5

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6.

Vendor: peachpayments
Product: Peach Payments Gateway
Published: Jan 22, 2026
Source: NVD
CVE-2025-67939 MEDIUM - 6.5

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.2.

Vendor: Tickera
Product: Tickera
Published: Jan 22, 2026
Source: NVD
CVE-2025-67626 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1.

Vendor: Angel Costa
Product: WP SEO Search
Published: Jan 22, 2026
Source: NVD
CVE-2025-66143 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.

Vendor: merkulove
Product: Crumber
Published: Jan 22, 2026
Source: NVD
CVE-2025-66142 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1.

Vendor: merkulove
Product: Comparimager for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66141 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.

Vendor: merkulove
Product: Scroller
Published: Jan 22, 2026
Source: NVD