Total CVEs

143,126

Critical Severity

4,045

High Severity

14,563

Last 7 Days

1,267
Quick preset (or use dates below)
Clear Filters
Showing 14,701 - 14,720 of 15,004 CVEs
CVE-2025-62888 MEDIUM - 5.4

Missing Authorization vulnerability in Marco Milesi WP Attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through 5.2.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62147 MEDIUM - 5.3

Missing Authorization vulnerability in Nik Melnik Realbig allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through 1.1.3.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62145 MEDIUM - 5.3

Missing Authorization vulnerability in NewClarity DMCA Protection Badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through 2.2.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62141 MEDIUM - 5.3

Missing Authorization vulnerability in 101gen Wawp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through 4.0.5.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62139 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Vladimir Statsenko Terms descriptions allows Retrieve Embedded Sensitive Data.This issue affects Terms descriptions: from n/a through 3.4.9.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62108 MEDIUM - 5.4

Missing Authorization vulnerability in SaifuMak Add Custom Codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through 4.80.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62098 MEDIUM - 5.4

Missing Authorization vulnerability in Totalsoft Portfolio Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through 1.4.8.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62091 MEDIUM - 5.4

Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce Support: from n/a through 2.8.2.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62081 MEDIUM - 5.3

Missing Authorization vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-49349 MEDIUM - 5.3

Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through 3.0.0.

Published: Dec 31, 2025
Source: NVD
CVE-2025-63020 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through 1.9.73.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62750 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filipe Seabra WooCommerce Parcelas allows DOM-Based XSS.This issue affects WooCommerce Parcelas: from n/a through 1.3.5.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62149 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaifuMak Add Custom Codes allows Stored XSS.This issue affects Add Custom Codes: from n/a through 4.80.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62144 MEDIUM - 5.4

Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.27.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62142 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicashmu Cincopa video and media plugin allows Stored XSS.This issue affects Cincopa video and media plug-in: from n/a through 1.163.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62140 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.65.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62138 MEDIUM - 5.3

Missing Authorization vulnerability in CedCommerce WP Advanced PDF allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Advanced PDF: from n/a through 1.1.7.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62134 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62124 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soli WP Post Signature allows Stored XSS.This issue affects WP Post Signature: from n/a through 0.4.1.

Published: Dec 31, 2025
Source: NVD
CVE-2025-62121 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Logo Slider , Logo Carousel , Logo showcase , Client Logo allows Stored XSS.This issue affects Logo Slider , Logo Carousel , Logo showcase , Client Logo: from n/a through 1.8.1.

Published: Dec 31, 2025
Source: NVD