Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,261 - 13,280 of 14,373 CVEs
CVE-2025-69001 MEDIUM - 5.3

Improper Control of Generation of Code ('Code Injection') vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through <= 6.1.11.

Vendor: Shahjahan Jewel
Product: FluentForm
Published: Jan 22, 2026
Source: NVD
CVE-2025-68911 MEDIUM - 6.5

Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16.

Vendor: solacewp
Product: Solace
Published: Jan 22, 2026
Source: NVD
CVE-2025-68900 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows DOM-Based XSS.This issue affects Enfold: from n/a through <= 7.1.3.

Vendor: Kriesi
Product: Enfold
Published: Jan 22, 2026
Source: NVD
CVE-2025-68898 MEDIUM - 5.8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through <= 1.5.

Vendor: cjjparadoxmax
Product: Synergy Project Manager
Published: Jan 22, 2026
Source: NVD
CVE-2025-68896 MEDIUM - 6.5

Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.

Vendor: vrpr
Product: WDV One Page Docs
Published: Jan 22, 2026
Source: NVD
CVE-2025-68558 MEDIUM - 6.5

Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.

Vendor: averta
Product: Depicter Slider
Published: Jan 22, 2026
Source: NVD
CVE-2025-68507 MEDIUM - 6.5

Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.

Vendor: Icegram
Product: Icegram
Published: Jan 22, 2026
Source: NVD
CVE-2025-68073 MEDIUM - 6.5

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4.

Vendor: Ninja Team
Product: GDPR CCPA Compliance Support
Published: Jan 22, 2026
Source: NVD
CVE-2025-68072 MEDIUM - 6.5

Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17.

Vendor: Merv Barrett
Product: Easy Property Listings
Published: Jan 22, 2026
Source: NVD
CVE-2025-68046 MEDIUM - 6.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elementor Builder: from n/a through <= 2.0...

Vendor: ThemeHunk
Product: Contact Form & Lead Form Elementor Builder
Published: Jan 22, 2026
Source: NVD
CVE-2025-68039 MEDIUM - 6.5

Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0.

Vendor: Chris Simmons
Product: WP BackItUp
Published: Jan 22, 2026
Source: NVD
CVE-2025-68020 MEDIUM - 6.5

Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12.

Vendor: WANotifier
Product: WANotifier
Published: Jan 22, 2026
Source: NVD
CVE-2025-68019 MEDIUM - 6.5

Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <= 6.1.8.

Vendor: cleverplugins
Product: SEO Booster
Published: Jan 22, 2026
Source: NVD
CVE-2025-68016 MEDIUM - 6.5

Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2.

Vendor: Onepay Sri Lanka
Product: onepay Payment Gateway For WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-68013 MEDIUM - 6.5

Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce: from n/a through <= 2.1.2.

Vendor: cardpaysolutions
Product: Payment Gateway Authorize.Net CIM for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-68009 MEDIUM - 6.5

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through <= 1.0.3.

Vendor: Codeless
Product: Slider Templates
Published: Jan 22, 2026
Source: NVD
CVE-2025-68007 MEDIUM - 6.5

Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf.

Vendor: Event Espresso
Product: Event Espresso 4 Decaf
Published: Jan 22, 2026
Source: NVD
CVE-2025-68006 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.

Vendor: Deetronix
Product: Booking Ultra Pro
Published: Jan 22, 2026
Source: NVD
CVE-2025-68003 MEDIUM - 6.5

Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through <= 1.2.10.

Vendor: renatoatshown
Product: Shown Connector
Published: Jan 22, 2026
Source: NVD
CVE-2025-67961 MEDIUM - 6.4

Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0.

Vendor: Marco van Wieren
Product: WPO365
Published: Jan 22, 2026
Source: NVD