Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,355
Quick preset (or use dates below)
Clear Filters
Showing 14,621 - 14,640 of 14,834 CVEs
CVE-2025-69030 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69029 MEDIUM - 5.4

Authorization Bypass Through User-Controlled Key vulnerability in Select-Themes Struktur struktur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Struktur: from n/a through <= 2.5.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69028 MEDIUM - 5.3

Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69027 MEDIUM - 5.4

Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce โ€“ Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date for WooCommerce โ€“ Lite: from n/a through <...

Published: Dec 30, 2025
Source: NVD
CVE-2025-69026 MEDIUM - 4.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69025 MEDIUM - 4.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins &amp; WooCommerce Sales poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: ...

Published: Dec 30, 2025
Source: NVD
CVE-2025-69024 MEDIUM - 6.5

Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizPrint: from n/a through <= 4.6.7.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69023 MEDIUM - 4.3

Missing Authorization vulnerability in Marketing Fire Discussion Board wp-discussion-board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Discussion Board: from n/a through <= 2.5.7.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69022 MEDIUM - 5.4

Missing Authorization vulnerability in Weblizar - WordPress Themes &amp; Plugin HR Management Lite hr-management-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HR Management Lite: from n/a through <= 3.5.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69021 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69020 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through <= 4.12.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69019 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlippingBook FlippingBook flippingbook allows DOM-Based XSS.This issue affects FlippingBook: from n/a through <= 2.0.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69018 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows DOM-Based XSS.This issue affects Web Directory Free: from n/a through <= 1.7.12.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69017 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Stored XSS.This issue affects RestroPress: from n/a through <= 3.2.4.2.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69016 MEDIUM - 4.3

Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.12.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69014 MEDIUM - 4.9

Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through <= 1.3.5.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69013 MEDIUM - 4.3

Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69012 MEDIUM - 4.3

Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through <= 3.12.8.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69010 MEDIUM - 5.3

Missing Authorization vulnerability in themebeez Themebeez Toolkit themebeez-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Themebeez Toolkit: from n/a through <= 1.3.5.

Published: Dec 30, 2025
Source: NVD
CVE-2025-69009 MEDIUM - 5.3

Missing Authorization vulnerability in kamleshyadav Medicalequipment medicalequipment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Medicalequipment: from n/a through <= 1.0.9.

Published: Dec 30, 2025
Source: NVD