CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-23693 Cross-Site Request Forgery (CSRF) vulnerability in uosiu Secure CAPTCHA secure-captcha allows Stored XSS. This issue affects Secure CAPTCHA: from n/a through <= 1.2. | N/A | NONE | — | 0 |
| CVE-2025-23694 Cross-Site Request Forgery (CSRF) vulnerability in shabboscommerce Shabbos and Yom Tov shabbos-and-yom-tov allows Stored XSS. This issue affects Shabbos and Yom Tov: from n/a through <= 1.9. | N/A | NONE | — | 0 |
| CVE-2025-23698 Cross-Site Request Forgery (CSRF) vulnerability in ivanra10 WP Custom Google Search wp-custom-google-search allows Stored XSS. This issue affects WP Custom Google Search: from n/a through <= 1.0. | N/A | NONE | — | 0 |
| CVE-2025-23699 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in techmix Event Countdown Timer Plugin by TechMix event-countdown-timer allows Reflected XSS. This is... | N/A | NONE | — | 0 |
| CVE-2025-23702 Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links anonymize-links allows Stored XSS. This issue affects Anonymize Links: from n/a through <= 1.1. | N/A | NONE | — | 0 |
| CVE-2025-15484 The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write acces... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-2696 The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored i... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47369 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb Social Auto Poster social-auto-poster allows Reflected XSS. This issue affects Social Auto Po... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-5255 A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5256 A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument ... | 7.3 | HIGH | — | 0 |
| CVE-2025-23703 Cross-Site Request Forgery (CSRF) vulnerability in cstoltenkamp Free MailClient FMC mailclient allows Stored XSS. This issue affects Free MailClient FMC: from n/a through <= 1.0. | N/A | NONE | — | 0 |
| CVE-2025-23708 Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable df-draggable allows Stored XSS. This issue affects DF Draggable: from n/a through <= 1.13.2. | N/A | NONE | — | 0 |
| CVE-2025-23710 Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds flying-twitter-birds allows Stored XSS. This issue affects Flying Twitter Birds: from n/a through <= 1.8. | N/A | NONE | — | 0 |
| CVE-2025-23712 Cross-Site Request Forgery (CSRF) vulnerability in kapostintegrations Kapost kapost-byline allows Stored XSS. This issue affects Kapost: from n/a through <= 2.2.9. | N/A | NONE | — | 0 |
| CVE-2025-23713 Cross-Site Request Forgery (CSRF) vulnerability in artanik Hack me if you can hack-me-if-you-can allows Stored XSS. This issue affects Hack me if you can: from n/a through <= 1.2. | N/A | NONE | — | 0 |
| CVE-2025-23715 Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes post-page-notes allows Stored XSS. This issue affects Post & Page Notes: from n/a through <= 0.1.1. | N/A | NONE | — | 0 |
| CVE-2025-23717 Cross-Site Request Forgery (CSRF) vulnerability in itmooti Theme My Ontraport Smartform theme-my-ontraport-smartform allows Stored XSS. This issue affects Theme My Ontraport Smartform: from n/a through... | N/A | NONE | — | 0 |
| CVE-2025-23720 Cross-Site Request Forgery (CSRF) vulnerability in Marco Castelluccio Web Push web-push allows Stored XSS. This issue affects Web Push: from n/a through <= 1.4.0. | N/A | NONE | — | 0 |
| CVE-2025-23743 Cross-Site Request Forgery (CSRF) vulnerability in MartijnScheijbeler Social Analytics social-analytics allows Stored XSS. This issue affects Social Analytics: from n/a through <= 0.2. | N/A | NONE | — | 0 |
| CVE-2025-23745 Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor B.V. Call me Now call-me-now allows Stored XSS. This issue affects Call me Now: from n/a through <= 1.0.5. | N/A | NONE | — | 0 |
| CVE-2025-23749 Cross-Site Request Forgery (CSRF) vulnerability in progpars.net mybb Last Topics mybb-last-topics allows Stored XSS. This issue affects mybb Last Topics: from n/a through <= 1.0. | N/A | NONE | — | 0 |
| CVE-2025-23767 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revoxis Marmoset Viewer marmoset-viewer allows Stored XSS. This issue affects Marmoset Viewer: from... | N/A | NONE | — | 0 |
| CVE-2025-23783 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carrotbits Greek Namedays Widget From Eortologio.Net greek-namedays-widget allows Stored XSS. This ... | N/A | NONE | — | 0 |
| CVE-2025-23764 Missing Authorization vulnerability in ujjavaljani Copy Move Posts copy-move-posts. This issue affects Copy Move Posts: from n/a through <= 1.6. | N/A | NONE | — | 0 |
| CVE-2026-1797 The Appointment Booking and Scheduler Plugin – Truebooker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 through views php files. This... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5182 A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2026-24550 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS. This issue affects Blockons: from n/a through <= 1.2.19. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24553 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS. This issue affects ArtPlacer Widget:... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24560 Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels. This ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24563 Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through <= 2.2.1. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24564 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Israpil Textmetrics webtexttool allows Code Injection. This issue affects Textmetrics: from n/a through <=... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24565 Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data. This issue affects B Accordion: from n/a through <= 2.0.2. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24568 Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through <= 11.1.0. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24572 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection. This issue affects Nelio Con... | 8.8 | HIGH | — | 0 |
| CVE-2026-24577 Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pie Register: from n/a thr... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24595 Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zoho CRM Lead Magnet: from... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-24750 Missing Authorization vulnerability in Syed Balkhi ExactMetrics google-analytics-dashboard-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetric... | N/A | NONE | — | 0 |
| CVE-2026-24596 Cross-Site Request Forgery (CSRF) vulnerability in marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails allows Cross Site Request Forgery. This issue affects Related Posts T... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-24606 Missing Authorization vulnerability in Web Impian Bayarcash WooCommerce bayarcash-wc allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bayarcash WooCommerce: f... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24613 Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels. This ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24614 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS. This issue affects Fl... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-24616 Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Popups: from n/a through <= 2.2.0.5... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24620 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS. This issue affects Landing Page ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-24630 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS. This issue affects Stylis... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-70029 An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP... | 7.5 | HIGH | — | 0 |
| CVE-2026-23548 Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a t... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25392 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls al... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-25418 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through <= 2... | 7.6 | HIGH | — | 0 |
| CVE-2019-25580 ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET ... | 8.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.