CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-47609 Cross-Site Request Forgery (CSRF) vulnerability in easymebiz EasyMe Connect easyme-connect allows Cross Site Request Forgery.This issue affects EasyMe Connect: from n/a through <= 3.0.3. | N/A | NONE | — | 0 |
| CVE-2025-47612 Missing Authorization vulnerability in ClickWhale ClickWhale clickwhale allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ClickWhale: from n/a through <= 2.4.6... | 8.8 | HIGH | — | 0 |
| CVE-2025-47620 Cross-Site Request Forgery (CSRF) vulnerability in bundgaard Martins Free Monetized Ad Exchange Network martins-free-and-easy-ad-network-get-more-visitors allows Reflected XSS.This issue affects Marti... | N/A | NONE | — | 0 |
| CVE-2025-47621 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows Stored XSS.This issue affects Meks F... | N/A | NONE | — | 0 |
| CVE-2025-47622 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Email Notification on Login email-notification-on-login allows Stored XSS.This issue a... | N/A | NONE | — | 0 |
| CVE-2025-47623 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button wp-ecommerce-paypal allows Stored XSS.This issue affects... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-47624 Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Cross Site Request Forgery.This issue affects DoFollow Case by Case: from n/a through ... | 8.8 | HIGH | — | 0 |
| CVE-2025-47625 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case dofollow-case-by-case allows Stored XSS.This issue affects DoFol... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-47626 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 cf7-submission-dom-tracking allows Stored X... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-47628 Missing Authorization vulnerability in quomodosoft QS Dark Mode qs-dark-mode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QS Dark Mode: from n/a through <... | 8.8 | HIGH | — | 0 |
| CVE-2025-47629 Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through <= 3.4.5. | 7.2 | HIGH | — | 0 |
| CVE-2025-47655 Cross-Site Request Forgery (CSRF) vulnerability in themarketer2023 theMarketer themarketer allows Stored XSS.This issue affects theMarketer: from n/a through <= 1.4.7. | N/A | NONE | — | 0 |
| CVE-2025-47630 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More ajax-load-more allows Stored XSS.This issue affects Ajax Load More: f... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-47632 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery awesome-gallery allows Stored XSS.This issue affects Awesome Galler... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-47633 Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin – Advertiser Tracking for WooCommerce awin-advertiser-tracking allows Cross Site Request Forgery.This issue affects Awin – Advertiser Track... | 8.8 | HIGH | — | 0 |
| CVE-2025-47635 Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Request Forgery.This issue affects WebinarPress: from n/a through <= 1.33.28. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47636 Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= 0.91.0. | N/A | NONE | — | 0 |
| CVE-2025-47638 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarvesh M Rao WP Discord Invite wp-discord-invite allows Stored XSS.This issue affects WP Discord ... | N/A | NONE | — | 0 |
| CVE-2025-47639 Cross-Site Request Forgery (CSRF) vulnerability in Supertext Supertext Translation and Proofreading polylang-supertext allows Stored XSS.This issue affects Supertext Translation and Proofreading: from... | N/A | NONE | — | 0 |
| CVE-2025-47644 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integrations of Zoho CRM with Elementor form integrations-of-zoho-crm-with-elementor-form allows Phishing.This is... | N/A | NONE | — | 0 |
| CVE-2025-47647 Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light sidebar-manager-light allows Cross Site Request Forgery.This issue affects Sidebar Manager Light: from n/a through <=... | N/A | NONE | — | 0 |
| CVE-2025-47648 Cross-Site Request Forgery (CSRF) vulnerability in axima Pays – WooCommerce Payment Gateway axima-payment-gateway allows Stored XSS.This issue affects Pays – WooCommerce Payment Gateway: from n/a thro... | N/A | NONE | — | 0 |
| CVE-2025-47649 Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 4.... | N/A | NONE | — | 0 |
| CVE-2025-47656 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiracle Themes Spiraclethemes Site Library spiraclethemes-site-library allows Stored XSS.This iss... | N/A | NONE | — | 0 |
| CVE-2025-47657 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Productive Minds Productive Commerce productive-commerce allows SQL Injection.This issue affects P... | N/A | NONE | — | 0 |
| CVE-2025-47659 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows Stored XSS.Thi... | N/A | NONE | — | 0 |
| CVE-2025-47661 Cross-Site Request Forgery (CSRF) vulnerability in codemstory 워드프레스 결제 심플페이 pgall-for-woocommerce allows Cross Site Request Forgery.This issue affects 워드프레스 결제 심플페이: from n/a through <= 5.2.11. | N/A | NONE | — | 0 |
| CVE-2025-47662 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox woobox allows Stored XSS.This issue affects Woobox: from n/a through <= 1.6. | N/A | NONE | — | 0 |
| CVE-2025-47665 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bistromatic N360 | Splash Screen n360-splash-screen allows Stored XSS.This issue affects N360 | Sp... | N/A | NONE | — | 0 |
| CVE-2025-47667 Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent liveagent allows Cross Site Request Forgery.This issue affects LiveAgent: from n/a through <= 4.4.7. | N/A | NONE | — | 0 |
| CVE-2025-47668 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cookiecode CookieCode cookiecode allows Stored XSS.This issue affects CookieCode: from n/a through... | N/A | NONE | — | 0 |
| CVE-2025-47669 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap cbxgooglemap allows DOM-Based XSS.This issue af... | N/A | NONE | — | 0 |
| CVE-2025-47674 Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial credova-financial allows Cross Site Request Forgery.This issue affects Credova_Financial: from n/a through <= 2.5... | N/A | NONE | — | 0 |
| CVE-2025-47675 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox woobox allows DOM-Based XSS.This issue affects Woobox: from n/a through <= 1.6. | N/A | NONE | — | 0 |
| CVE-2025-47676 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faiyaz Alam User Login History user-login-history allows Stored XSS.This issue affects User Login ... | N/A | NONE | — | 0 |
| CVE-2025-47677 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery gt3-photo-video-gallery allows Stored XSS.This issue affects Photo Gallery... | N/A | NONE | — | 0 |
| CVE-2025-47688 Missing Authorization vulnerability in Saad Iqbal Advanced File Manager file-manager-advanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced File M... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47691 Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member ultimate-member allows Code Injection.This issue affects Ultimate Member: from n/a through <=... | N/A | NONE | — | 0 |
| CVE-2025-47692 Missing Authorization vulnerability in contentstudio Contentstudio contentstudio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contentstudio: from n/a thro... | N/A | NONE | — | 0 |
| CVE-2025-47578 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Caissie BNS Twitter Follow Button bns-twitter-follow-button allows DOM-Based XSS.This issue... | N/A | NONE | — | 0 |
| CVE-2025-47682 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Al... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47445 Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47580 Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-51666 Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through <= 1.0.0. | N/A | NONE | — | 0 |
| CVE-2025-32922 Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Stored XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0. | N/A | NONE | — | 0 |
| CVE-2025-31062 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist wishlist allows Retrieve Embedded Sensitive Data.This issue affects Wishlist: from n/a thr... | N/A | NONE | — | 0 |
| CVE-2025-31063 Missing Authorization vulnerability in redqteam Wishlist wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist: from n/a through <= 2.1.0. | N/A | NONE | — | 0 |
| CVE-2025-31066 Missing Authorization vulnerability in themeton Acerola acerola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acerola: from n/a through <= 1.6.5. | N/A | NONE | — | 0 |
| CVE-2025-31640 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic-carousel allows SQL Injection.Th... | N/A | NONE | — | 0 |
| CVE-2026-4679 Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.