CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 16,505 CVEs

CVE ID	CVSS	Severity	KEV	Published
CVE-2025-66137 Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Eleme...	8.8	HIGH	—	1/22/2026
CVE-2025-66138 Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for El...	8.8	HIGH	—	1/22/2026
CVE-2025-66139 Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: ...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66140 Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66141 Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.	5.4	MEDIUM	—	1/22/2026
CVE-2025-66142 Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimag...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66143 Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.1...	5.4	MEDIUM	—	1/22/2026
CVE-2025-67221 The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.	7.5	HIGH	—	1/22/2026
CVE-2025-67614 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through <= 1.5...	7.1	HIGH	—	1/22/2026
CVE-2025-67615 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour:...	8.1	HIGH	—	1/22/2026
CVE-2025-67616 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: ...	8.1	HIGH	—	1/22/2026
CVE-2025-67617 Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through <= 1.4.3.	9.8	CRITICAL	—	1/22/2026
CVE-2025-67619 Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2.	8.8	HIGH	—	1/22/2026
CVE-2025-67620 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CleverSoft Anon anon2x allows Reflected XSS.This issue affects Anon: from n/a through <= 2.2.10.	7.1	HIGH	—	1/22/2026
CVE-2025-67942 Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach P...	6.5	MEDIUM	—	1/22/2026
CVE-2025-67943 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affec...	7.1	HIGH	—	1/22/2026
CVE-2025-67944 Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through ...	9.1	CRITICAL	—	1/22/2026
CVE-2025-67945 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue aff...	9.3	CRITICAL	—	1/22/2026
CVE-2025-67946 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affe...	8.1	HIGH	—	1/22/2026
CVE-2025-67947 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdFore...	7.1	HIGH	—	1/22/2026
CVE-2025-67949 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through <...	7.1	HIGH	—	1/22/2026
CVE-2025-67952 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a throu...	7.1	HIGH	—	1/22/2026
CVE-2025-67953 Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.1...	8.1	HIGH	—	1/22/2026
CVE-2025-67954 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue ...	6.5	MEDIUM	—	1/22/2026
CVE-2025-67955 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue a...	7.5	HIGH	—	1/22/2026
CVE-2025-67957 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue...	8.1	HIGH	—	1/22/2026
CVE-2025-67958 Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCom...	6.5	MEDIUM	—	1/22/2026
CVE-2025-67959 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through...	7.1	HIGH	—	1/22/2026
CVE-2025-67960 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: f...	7.1	HIGH	—	1/22/2026
CVE-2025-67961 Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0.	6.4	MEDIUM	—	1/22/2026
CVE-2025-67963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a th...	8.6	HIGH	—	1/22/2026
CVE-2025-67964 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a thro...	7.1	HIGH	—	1/22/2026
CVE-2025-67966 Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through <= 1.3.3.	8.8	HIGH	—	1/22/2026
CVE-2025-67967 Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a...	7.6	HIGH	—	1/22/2026
CVE-2025-67968 Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through <= 1.0.0.	9.9	CRITICAL	—	1/22/2026
CVE-2025-68001 Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <=...	9.8	CRITICAL	—	1/22/2026
CVE-2025-68003 Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/...	6.5	MEDIUM	—	1/22/2026
CVE-2025-68004 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: fr...	7.1	HIGH	—	1/22/2026
CVE-2025-68006 Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a ...	6.5	MEDIUM	—	1/22/2026
CVE-2025-68007 Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espre...	6.5	MEDIUM	—	1/22/2026
CVE-2025-68008 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= ...	7.1	HIGH	—	1/22/2026
CVE-2025-68009 Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through ...	6.5	MEDIUM	—	1/22/2026
CVE-2025-68010 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63.	7.1	HIGH	—	1/22/2026
CVE-2025-68011 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affe...	7.1	HIGH	—	1/22/2026
CVE-2025-68012 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/...	7.1	HIGH	—	1/22/2026
CVE-2025-68013 Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.Th...	6.5	MEDIUM	—	1/22/2026
CVE-2025-68016 Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security L...	6.5	MEDIUM	—	1/22/2026
CVE-2025-68017 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affe...	7.5	HIGH	—	1/22/2026
CVE-2025-68019 Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through <=...	6.5	MEDIUM	—	1/22/2026
CVE-2025-68027 Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32.	7.3	HIGH	—	1/22/2026

Page 45 of 331

Previous Next

This product uses data from the NVD API but is not endorsed or certified by the NVD.