Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,281 - 13,300 of 14,373 CVEs
CVE-2025-67958 MEDIUM - 6.5

Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8.

Vendor: Taxcloud
Product: TaxCloud for WooCommerce
Published: Jan 22, 2026
Source: NVD
CVE-2025-67954 MEDIUM - 6.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3.

Vendor: Dimitri Grassi
Product: Salon booking system
Published: Jan 22, 2026
Source: NVD
CVE-2025-67942 MEDIUM - 6.5

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6.

Vendor: peachpayments
Product: Peach Payments Gateway
Published: Jan 22, 2026
Source: NVD
CVE-2025-67939 MEDIUM - 6.5

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.2.

Vendor: Tickera
Product: Tickera
Published: Jan 22, 2026
Source: NVD
CVE-2025-67626 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1.

Vendor: Angel Costa
Product: WP SEO Search
Published: Jan 22, 2026
Source: NVD
CVE-2025-66143 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.10.

Vendor: merkulove
Product: Crumber
Published: Jan 22, 2026
Source: NVD
CVE-2025-66142 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimager for Elementor: from n/a through <= 1.0.1.

Vendor: merkulove
Product: Comparimager for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66141 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.

Vendor: merkulove
Product: Scroller
Published: Jan 22, 2026
Source: NVD
CVE-2025-66140 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.

Vendor: merkulove
Product: Uper for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66139 MEDIUM - 5.4

Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: from n/a through <= 1.0.9.

Vendor: merkulove
Product: Audier For Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-63026 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor allows Stored XSS.This issue affects Grand Restaurant Theme Elements for Elementor: from n/a through <...

Vendor: ThemeGoods
Product: Grand Restaurant Theme Elements for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-62077 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affects Affiliate Link Tracker: from n/a through <= 0.2.

Vendor: SEOSEON EUROPE S.L
Product: Affiliate Link Tracker
Published: Jan 22, 2026
Source: NVD
CVE-2025-53240 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through <= 1.1.0.

Vendor: adamlabs
Product: WordPress Photo Gallery
Published: Jan 22, 2026
Source: NVD
CVE-2025-52762 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS.This issue affects flexo-posts-manager: from n/a through <= 1.0001.

Vendor: flexostudio
Product: flexo-posts-manager
Published: Jan 22, 2026
Source: NVD
CVE-2025-52746 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ayecode Restaurante restaurante allows Reflected XSS.This issue affects Restaurante: from n/a through <= 3.0.7.

Vendor: ayecode
Product: Restaurante
Published: Jan 22, 2026
Source: NVD
CVE-2025-50006 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes xSmart xsmart allows Reflected XSS.This issue affects xSmart: from n/a through <= 1.2.9.4.

Vendor: Jthemes
Product: xSmart
Published: Jan 22, 2026
Source: NVD
CVE-2025-50005 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.

Vendor: tagDiv
Product: tagDiv Composer
Published: Jan 22, 2026
Source: NVD
CVE-2025-49336 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pondol Pondol BBS pondol-bbs allows Stored XSS.This issue affects Pondol BBS: from n/a through <= 1.1.8.4.

Vendor: pondol
Product: Pondol BBS
Published: Jan 22, 2026
Source: NVD
CVE-2025-49249 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS.This issue affects Drone: from n/a through <= 1.40.

Vendor: ApusTheme
Product: Drone
Published: Jan 22, 2026
Source: NVD
CVE-2025-49066 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Accordion Slider PRO: from n/a through <= 1.2.

Vendor: LambertGroup
Product: Accordion Slider PRO
Published: Jan 22, 2026
Source: NVD