Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-25014 Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25012 Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25011 Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25010 Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a thr... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24998 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24997 Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels.This iss... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24996 Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24995 Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Sh... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24994 Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Pho... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24992 Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensit... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24991 Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24990 Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through <= 2.2.8. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24988 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored X... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24986 Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership W... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24985 Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issu... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24984 Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: fr... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24982 Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24967 Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24966 Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery.This issue affects Copyscape Premium: from n/a through <= 1.4.1. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24965 Missing Authorization vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24962 Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery.This issue affects Sigmize: from n/a through <= 0.0.9. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24961 Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery.This issue affects Grand Blog: from n/a through < 3.1.5. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24958 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetEleme... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24957 Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24954 Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.0.8. | 8.8 | HIGH | — | 0 |
| CVE-2026-24952 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24951 Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24947 Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24945 Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24942 Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery.This issue affects WpEvently: from n/a through <= 5.1.1. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24940 Missing Authorization vulnerability in Themefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelfic Toolkit: from n... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24939 Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modula Image Ga... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24938 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a thro... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-1814 Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, th... | N/A | NONE | — | 0 |
| CVE-2026-1312 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, u... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1287 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1285 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_h... | 7.5 | HIGH | — | 0 |
| CVE-2026-1207 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the ban... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-65017 Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generati... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-5319 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Mana... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14550 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple... | 7.5 | HIGH | — | 0 |
| CVE-2025-13473 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows rem... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37102 Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2020-37101 VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in '... | 7.8 | HIGH | — | 0 |
| CVE-2020-37100 Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted... | 7.8 | HIGH | — | 0 |
| CVE-2020-37099 Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the ... | 7.8 | HIGH | — | 0 |
| CVE-2020-37098 Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted... | 7.8 | HIGH | — | 0 |
| CVE-2019-25261 AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2025-7760 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HT... | 7.6 | HIGH | — | 0 |
| CVE-2025-6397 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Webs... | 8.6 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.