CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-64284 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclus... | 7.5 | HIGH | β | 0 |
| CVE-2025-64289 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue a... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-53286 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-60187 Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files.This issue affects Atarim: from n/a through <= 4.2.1. | 4.8 | MEDIUM | β | 0 |
| CVE-2025-60188 Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= ... | 7.5 | HIGH | β | 0 |
| CVE-2025-60195 Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through <= 4.2.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-60200 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local Fi... | 7.5 | HIGH | β | 0 |
| CVE-2025-60201 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusi... | 7.5 | HIGH | β | 0 |
| CVE-2025-60235 Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Support Ticket System for WooCommerce (Premium) support-ticket-system-for-woocommerce allows Using Malicious Files.This issue a... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-60244 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a thro... | 7.1 | HIGH | β | 0 |
| CVE-2025-60248 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Loc... | 7.5 | HIGH | β | 0 |
| CVE-2025-62016 Unrestricted Upload of File with Dangerous Type vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0. | 9.9 | CRITICAL | β | 0 |
| CVE-2025-62017 Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-62018 Missing Authorization vulnerability in hogash KALLYAS kallyas.This issue affects KALLYAS: from n/a through <= 4.22.0. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-66067 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Bui... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-66109 Missing Authorization vulnerability in Octolize Shipping Plugins Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-66110 Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through <= 1.... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-62082 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Uddin Generic Elements generic-elements-for-elementor allows Stored XSS.This issue affects G... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-62085 Missing Authorization vulnerability in Bertha AI – Andrew Palmer BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: fr... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-62086 Missing Authorization vulnerability in akazanstev Яндекс Доставка (Boxberry) boxberry allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Яндекс Доставка (Boxber... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-62152 Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a throug... | 8.8 | HIGH | β | 0 |
| CVE-2025-62734 Cross-Site Request Forgery (CSRF) vulnerability in M.Code Media Library Downloader media-library-downloader allows Cross Site Request Forgery.This issue affects Media Library Downloader: from n/a thro... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-62740 Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a throu... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-62867 Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ergonet Cache: from n/a th... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-62870 Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects E... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-62993 Missing Authorization vulnerability in rainafarai Notification for Telegram notification-for-telegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notific... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-62999 Missing Authorization vulnerability in themezaa Litho Addons litho-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Litho Addons: from n/a through <= 3... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-63011 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booki... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-63012 Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.2.8. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-63015 Missing Authorization vulnerability in paysera WooCommerce Payment Gateway - Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-63023 Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-63025 Missing Authorization vulnerability in Xagio SEO Xagio SEO xagio-seo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xagio SEO: from n/a through <= 7.1.0.35. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-63030 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3. | 7.1 | HIGH | β | 0 |
| CVE-2025-63033 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Riyadh Ahmed Make Section & Column Clickable For Elementor make-section-column-clickable-eleme... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-5186 A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-10551 A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows a... | 8.7 | HIGH | β | 0 |
| CVE-2025-23793 Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Auto FTP auto-ftp allows Stored XSS.This issue affects Auto FTP: from n/a through <= 1.0.1. | N/A | NONE | β | 0 |
| CVE-2025-23794 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _rccoder_ wp_amaps wp-amaps allows Stored XSS.This issue affects wp_amaps: from n/a through <= 1.7... | N/A | NONE | β | 0 |
| CVE-2025-23795 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ghuger Easy FAQs easy-faqs allows Stored XSS.This issue affects Easy FAQs: from n/a through <= 3.2... | N/A | NONE | β | 0 |
| CVE-2025-23796 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Patel Easy Portfolio easy-portfolio allows Stored XSS.This issue affects Easy Portfolio: fr... | N/A | NONE | β | 0 |
| CVE-2025-23797 Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through <= 1.1. | N/A | NONE | β | 0 |
| CVE-2025-23800 Cross-Site Request Forgery (CSRF) vulnerability in nova706 OrangeBox orangebox allows Cross Site Request Forgery.This issue affects OrangeBox: from n/a through <= 3.0.0. | N/A | NONE | β | 0 |
| CVE-2025-23801 Cross-Site Request Forgery (CSRF) vulnerability in FuzzGuard Style Admin style-admin allows Stored XSS.This issue affects Style Admin: from n/a through <= 1.4.3. | N/A | NONE | β | 0 |
| CVE-2025-23802 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SteveSoehl WP-Revive Adserver wp-revive-adserver allows Stored XSS.This issue affects WP-Revive Ad... | N/A | NONE | β | 0 |
| CVE-2025-23804 Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net wp-service-payment-form-with-authorizenet allows Reflected XSS.This issue affects WP S... | N/A | NONE | β | 0 |
| CVE-2025-23805 Cross-Site Request Forgery (CSRF) vulnerability in itamarg SEOReseller Partner sr-partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through <= 1.3.15. | N/A | NONE | β | 0 |
| CVE-2025-23807 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jim2212001 Spiderpowa Embed PDF spiderpowa-embed-pdf allows Stored XSS.This issue affects Spiderpo... | N/A | NONE | β | 0 |
| CVE-2025-23808 Cross-Site Request Forgery (CSRF) vulnerability in Dutch van Andel Custom List Table Example custom-list-table-example allows Reflected XSS.This issue affects Custom List Table Example: from n/a throu... | N/A | NONE | β | 0 |
| CVE-2025-23810 Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider len-slider allows Reflected XSS.This issue affects Len Slider: from n/a through <= 2.0.11. | N/A | NONE | β | 0 |
| CVE-2025-58680 Missing Authorization vulnerability in gutentor Gutentor gutentor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutentor: from n/a through <= 3.5.2. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.