Total CVEs

143,746

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,549
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,701 - 14,720 of 14,877 CVEs
CVE-2025-69360 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements allows DOM-Based XSS.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.11.0.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69359 MEDIUM - 5.3

Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through <= 1.1.12.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69357 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows Stored XSS.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69355 MEDIUM - 4.3

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.4.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69354 MEDIUM - 5.4

Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69353 MEDIUM - 5.4

Missing Authorization vulnerability in Proxy &amp; VPN Blocker Proxy &amp; VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy &amp; VPN Blocker: from n/a through <= 3.5.3.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69352 MEDIUM - 5.4

Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through <= 6.15.12.2.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69351 MEDIUM - 6.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.4.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69350 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion accordions-wp allows Stored XSS.This issue affects Accordion: from n/a through <= 3.0.3.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69349 MEDIUM - 5.4

Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RSS Feed Widget: from n/a through <= 3.0.2.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69348 MEDIUM - 5.4

Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar Countdown Addon: from n/a through <= 1.4.15.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69346 MEDIUM - 5.4

Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AffiliateX: from n/a through <= 1.3.9.3.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69345 MEDIUM - 5.4

Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.9.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69341 MEDIUM - 5.4

Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69336 MEDIUM - 4.3

Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.9.4.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69335 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Team Showcase team-showcase allows Stored XSS.This issue affects Team Showcase: from n/a through <= 2.9.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69334 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.3.0.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69331 MEDIUM - 4.3

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Theater for WordPress: from n/a through <= 0.19.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69327 MEDIUM - 4.3

Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.0.9.

Published: Jan 06, 2026
Source: NVD
CVE-2024-31088 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPShop.Ru AdsPlace'r โ€“ Ad Manager, Inserter, AdSense Ads allows DOM-Based XSS.This issue affects AdsPlace'r โ€“ Ad Manager, Inserter, AdSense Ads: from n/a through 1.1.5.

Published: Jan 06, 2026
Source: NVD