Total CVEs

142,696

Critical Severity

4,021

High Severity

14,390

Last 7 Days

1,406
Quick preset (or use dates below)
Clear Filters
Showing 14,281 - 14,300 of 14,816 CVEs
CVE-2020-36906 MEDIUM - 4.3

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticate...

Published: Jan 06, 2026
Source: NVD
CVE-2026-21493 MEDIUM - 6.6

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2025-46696 MEDIUM - 6.4

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Published: Jan 06, 2026
Source: NVD
CVE-2025-9637 MEDIUM - 6.5

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticate...

Vendor: expresstech
Product: quiz_and_survey_master
Published: Jan 06, 2026
Source: NVD
CVE-2025-9318 MEDIUM - 6.5

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the β€˜is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

Vendor: expresstech
Product: quiz_and_survey_master
Published: Jan 06, 2026
Source: NVD
CVE-2025-14552 MEDIUM - 6.4

The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated a...

Published: Jan 06, 2026
Source: NVD
CVE-2025-9294 MEDIUM - 4.3

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers...

Vendor: expresstech
Product: quiz_and_survey_master
Published: Jan 06, 2026
Source: NVD
CVE-2025-5919 MEDIUM - 6.5

The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible f...

Published: Jan 06, 2026
Source: NVD
CVE-2025-13964 MEDIUM - 5.3

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents by...

Published: Jan 06, 2026
Source: NVD
CVE-2025-13766 MEDIUM - 5.4

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for authe...

Published: Jan 06, 2026
Source: NVD
CVE-2025-14371 MEDIUM - 4.3

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the taxopress_ai_add_post_term function in all versions up to, and including, 3.41.0. This makes it possible for authentica...

Published: Jan 06, 2026
Source: NVD
CVE-2025-13812 MEDIUM - 4.3

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipress_ajax_get_posts and gamipress_ajax_get_users functions in all versions up to, and in...

Published: Jan 06, 2026
Source: NVD
CVE-2025-12067 MEDIUM - 6.4

The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author...

Published: Jan 06, 2026
Source: NVD
CVE-2025-4776 MEDIUM - 6.4

The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access ...

Published: Jan 06, 2026
Source: NVD
CVE-2025-13215 MEDIUM - 5.3

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers ...

Published: Jan 06, 2026
Source: NVD
CVE-2025-14441 MEDIUM - 5.3

The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE `/subscribers` REST API endpoint in all versions up to, and including, 2.2.0. This is due to the `permission_callback` only validating wp_rest nonce without checking user ...

Published: Jan 06, 2026
Source: NVD
CVE-2025-14438 MEDIUM - 6.4

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web r...

Published: Jan 06, 2026
Source: NVD
CVE-2025-14120 MEDIUM - 6.4

The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to inject a...

Published: Jan 06, 2026
Source: NVD
CVE-2026-0604 MEDIUM - 6.5

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the 'dir_path' parameter in the 'njt-fastdup/v1/template/directory-tree' REST API endpoint. This makes it possible for aut...

Published: Jan 06, 2026
Source: NVD
CVE-2025-14153 MEDIUM - 6.5

The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex...

Published: Jan 06, 2026
Source: NVD