Total: 6163 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14074 | 1 Wordpress | 1 Wordpress | 2025-12-14 | 5.3 Medium |
| The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber_duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to duplicate arbitrary posts, including password protected or private ones. | ||||
| CVE-2025-10583 | 2 Emrevona, Wordpress | 2 Wp Fastest Cache, Wordpress | 2025-12-14 | 3.5 Low |
| The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2025-49925 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 7.3 High |
| Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through <= 1.9.9.7. | ||||
| CVE-2024-56048 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 8.8 High |
| Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through 1.9.9. | ||||
| CVE-2025-58668 | 2 Vibethemes, Wordpress | 2 Wordpress Learning Management System, Wordpress | 2025-12-12 | 4.3 Medium |
| Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS: from n/a through 4.970. | ||||
| CVE-2025-13334 | 1 Wordpress | 1 Wordpress | 2025-12-12 | 8.1 High |
| The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze_demo_importer_install_demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with subscriber level access and above, to reset the database by truncating all tables (except options, usermeta, and users), delete all sidebar widgets, theme modifications, and content of the uploads folder. | ||||
| CVE-2025-13314 | 3 Markutos987, Woocommerce, Wordpress | 3 Product Filtering For Woocommerce, Woocommerce, Wordpress | 2025-12-12 | 5.3 Medium |
| The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.5 due to a missing capability check on the 'filter_save_settings' and 'add_filter_options' AJAX actions. This makes it possible for unauthenticated attackers to modify the plugin's settings and create arbitrary filter options. | ||||
| CVE-2025-25953 | 1 Serosoft | 1 Academia Student Information System | 2025-12-12 | 6.5 Medium |
| Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. | ||||
| CVE-2025-67583 | 2 Themeatelier, Wordpress | 2 Idonate, Wordpress | 2025-12-12 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeAtelier IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonate: from n/a through <= 2.1.15. | ||||
| CVE-2020-36902 | 1 Medivision | 1 Digital Signage | 2025-12-12 | N/A |
| UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication. | ||||
| CVE-2025-14117 | 1 Fit2cloud | 1 Halo | 2025-12-12 | 4.3 Medium |
| A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is an unknown function. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-67559 | 2 Vcita, Wordpress | 3 Online Booking & Scheduling Calendar For Wordpress By Vcita, Online Booking & Scheduling Calendar, Wordpress | 2025-12-12 | 5.4 Medium |
| Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5. | ||||
| CVE-2025-13643 | 1 Mongodb | 1 Mongodb | 2025-12-11 | 3.1 Low |
| A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions prior to 7.0.26 and MongoDB Server v8.0 versions prior to 8.0.14. | ||||
| CVE-2025-11726 | 3 Fastlinemedia, Wordpress, Wpbeaverbuilder | 3 Beaver Builder, Wordpress, Beaver Builder | 2025-12-11 | 4.3 Medium |
| The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is due to insufficient capability checks in the REST API endpoints under the 'fl-controls/v1' namespace that control site-wide Global Presets. This makes it possible for authenticated attackers with contributor-level access and above to add, modify, or delete global color and background presets that affect all Beaver Builder content site-wide. | ||||
| CVE-2025-67466 | 2 Sergiotrinity, Wordpress | 2 Trinity Audio, Wordpress | 2025-12-11 | 8.1 High |
| Missing Authorization vulnerability in sergiotrinity Trinity Audio trinity-audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trinity Audio: from n/a through <= 5.23.3. | ||||
| CVE-2025-66534 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 8.8 High |
| Missing Authorization vulnerability in Elated-Themes The Aisle theaisle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Aisle: from n/a through <= 2.9. | ||||
| CVE-2025-66532 | 2 Mikado-themes, Wordpress | 2 Powerlift, Wordpress | 2025-12-11 | 8.8 High |
| Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Powerlift: from n/a through < 3.2.1. | ||||
| CVE-2025-66530 | 2 Webba-booking, Wordpress | 2 Webba Booking, Wordpress | 2025-12-11 | 8.8 High |
| Missing Authorization vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through <= 6.2.1. | ||||
| CVE-2025-66528 | 2 Villatheme, Wordpress | 2 Thank You Page Customizer For Woocommerce, Wordpress | 2025-12-11 | 8.1 High |
| Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer for WooCommerce: from n/a through <= 1.1.8. | ||||
| CVE-2025-64255 | 2 Bowo, Wordpress | 2 Admin And Site Enhancements Ase, Wordpress | 2025-12-11 | 7.2 High |
| Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8. | ||||