Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,388
Quick preset (or use dates below)
Clear Filters
Showing 14,481 - 14,500 of 14,826 CVEs
CVE-2025-62099 MEDIUM - 4.3

Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Gravity Forms: from n/a through 1.8.6.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62088 MEDIUM - 5.4

Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62083 MEDIUM - 4.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon Plugin allows Retrieve Embedded Sensitive Data.This issue affects BoomDevs WordPress Coming Soon Plugin: from n/a through 1.0.4.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62078 MEDIUM - 4.3

Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files During Checkout: from n/a through 3.0.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-59138 MEDIUM - 4.9

Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through 1.6.6.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49352 MEDIUM - 4.3

Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through 1.1.10.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49340 MEDIUM - 4.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49339 MEDIUM - 4.3

Missing Authorization vulnerability in Digages Direct Payments WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through 1.3.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-63040 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11.

Published: Dec 31, 2025
Source: NVD
CVE-2025-63014 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through 1.24.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-63004 MEDIUM - 4.3

Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in One Accessibility: from n/a through 1.14.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62755 MEDIUM - 5.3

Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62747 MEDIUM - 5.3

Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through 1.3.3.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62154 MEDIUM - 4.3

Missing Authorization vulnerability in Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in O...

Published: Dec 31, 2025
Source: NVD
CVE-2025-62150 MEDIUM - 4.3

Missing Authorization vulnerability in Themesawesome History Timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through 1.0.6.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62148 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery.This issue affects Robots.Txt rewrite: from n/a through 1.6.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62143 MEDIUM - 4.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: from n/a through 1.163.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62133 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Manidoraisamy FormFacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through 1.4.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62132 MEDIUM - 4.3

Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through 1.1.5.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62131 MEDIUM - 4.3

Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a through 1.1.5.

Published: Dec 31, 2025
Source: NVD