Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,838
Quick preset (or use dates below)
Clear Filters
Showing 13,261 - 13,280 of 14,728 CVEs
CVE-2025-66140 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.

Vendor: merkulove
Product: Uper for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66139 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9.

Vendor: merkulove
Product: Audier For Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-63026 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor allows Stored XSS.This issue affects Grand Restaurant Theme Elements for Elementor: from n/a through <...

Vendor: ThemeGoods
Product: Grand Restaurant Theme Elements for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-62077 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affects Affiliate Link Tracker: from n/a through <= 0.2.

Vendor: SEOSEON EUROPE S.L
Product: Affiliate Link Tracker
Published: Jan 22, 2026
Source: NVD
CVE-2025-53240 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through <= 1.1.0.

Vendor: adamlabs
Product: WordPress Photo Gallery
Published: Jan 22, 2026
Source: NVD
CVE-2025-52762 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS.This issue affects flexo-posts-manager: from n/a through <= 1.0001.

Vendor: flexostudio
Product: flexo-posts-manager
Published: Jan 22, 2026
Source: NVD
CVE-2025-52746 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ayecode Restaurante restaurante allows Reflected XSS.This issue affects Restaurante: from n/a through <= 3.0.7.

Vendor: ayecode
Product: Restaurante
Published: Jan 22, 2026
Source: NVD
CVE-2025-50006 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through <= 1.2.9.4.

Vendor: Jthemes
Product: xSmart
Published: Jan 22, 2026
Source: NVD
CVE-2025-50005 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.

Vendor: tagDiv
Product: tagDiv Composer
Published: Jan 22, 2026
Source: NVD
CVE-2025-49336 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through <= 1.1.8.4.

Vendor: pondol
Product: Pondol BBS
Published: Jan 22, 2026
Source: NVD
CVE-2025-49249 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS.This issue affects Drone: from n/a through <= 1.40.

Vendor: ApusTheme
Product: Drone
Published: Jan 22, 2026
Source: NVD
CVE-2025-49066 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through <= 1.2.

Vendor: LambertGroup
Product: Accordion Slider PRO
Published: Jan 22, 2026
Source: NVD
CVE-2025-49046 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup xPromoter top_bar_promoter allows Reflected XSS.This issue affects xPromoter: from n/a through <= 1.3.4.

Vendor: LambertGroup
Product: xPromoter
Published: Jan 22, 2026
Source: NVD
CVE-2025-49045 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS.This issue affects Super Interactive Maps: from n/a through <= 2.3.

Vendor: highwarden
Product: Super Interactive Maps
Published: Jan 22, 2026
Source: NVD
CVE-2025-49043 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through <= 1....

Vendor: LambertGroup
Product: Magic Responsive Slider and Carousel WordPress
Published: Jan 22, 2026
Source: NVD
CVE-2025-48094 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS.This issue affects Magic Slider: from n/a through <= 2.2.

Vendor: LambertGroup
Product: Magic Slider
Published: Jan 22, 2026
Source: NVD
CVE-2025-47666 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows Reflected XSS.This issue affects Image&Video FullScreen Background: from n/a through <= 1.6...

Vendor: LambertGroup
Product: Image&Video FullScreen Background
Published: Jan 22, 2026
Source: NVD
CVE-2025-47600 MEDIUM - 6.1

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through <= 8.3.7.

Vendor: xtemos
Product: WoodMart
Published: Jan 22, 2026
Source: NVD
CVE-2025-47500 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Stored XSS.This issue affects Stackable: from n/a through <= 3.19.5.

Vendor: Benjamin Intal
Product: Stackable
Published: Jan 22, 2026
Source: NVD
CVE-2025-32123 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: fr...

Vendor: LambertGroup
Product: HTML5 Video Player with Playlist & Multiple Skins
Published: Jan 22, 2026
Source: NVD