Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-69053 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects... | 7.1 | HIGH | — | 0 |
| CVE-2025-69052 Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Acce... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69051 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro Reviews listingpro-reviews allows Reflected XSS.This issue affects Listing... | 7.1 | HIGH | — | 0 |
| CVE-2025-69050 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | — | 0 |
| CVE-2025-69049 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion.This issue affects Tö... | 8.1 | HIGH | — | 0 |
| CVE-2025-69048 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects... | 7.1 | HIGH | — | 0 |
| CVE-2025-69047 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop sw_maxshop allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | — | 0 |
| CVE-2025-69046 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | — | 0 |
| CVE-2025-69045 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection.This issue affects FooEvents fo... | 8.5 | HIGH | — | 0 |
| CVE-2025-69044 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango... | 8.1 | HIGH | — | 0 |
| CVE-2025-69043 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy... | 8.1 | HIGH | — | 0 |
| CVE-2025-69042 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo... | 8.1 | HIGH | — | 0 |
| CVE-2025-69041 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion.This issue affects Dek... | 8.1 | HIGH | — | 0 |
| CVE-2025-69040 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres... | 8.1 | HIGH | — | 0 |
| CVE-2025-69039 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bai... | 8.1 | HIGH | — | 0 |
| CVE-2025-69038 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori... | 8.1 | HIGH | — | 0 |
| CVE-2025-69037 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion.This issue affects Pippo... | 8.1 | HIGH | — | 0 |
| CVE-2025-69036 Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through <= 16.4. | 8.8 | HIGH | — | 0 |
| CVE-2025-69035 Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2. | 8.8 | HIGH | — | 0 |
| CVE-2025-69005 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This is... | 8.1 | HIGH | — | 0 |
| CVE-2025-69004 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar all... | 8.1 | HIGH | — | 0 |
| CVE-2025-69003 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from ... | 7.1 | HIGH | — | 0 |
| CVE-2025-69002 Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9. | 8.8 | HIGH | — | 0 |
| CVE-2025-69001 Improper Control of Generation of Code ('Code Injection') vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through <= 6.1.11. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-68999 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This iss... | 8.5 | HIGH | — | 0 |
| CVE-2025-68986 Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through <= 1.2.7. | 9.9 | CRITICAL | — | 0 |
| CVE-2025-68913 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion... | 7.5 | HIGH | — | 0 |
| CVE-2025-68912 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.... | 8.6 | HIGH | — | 0 |
| CVE-2025-68911 Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Solace: from n/a through <= 2.1.16. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68910 Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files.This issue affects Blogzee: from n/a through <= 1.0.5. | 9.9 | CRITICAL | — | 0 |
| CVE-2025-68909 Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files.This issue affects Blogistic: from n/a through <= 1.0.5. | 9.9 | CRITICAL | — | 0 |
| CVE-2025-68908 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in temash Barberry barberry allows PHP Local File Inclusion.This issue affects Bar... | 8.1 | HIGH | — | 0 |
| CVE-2025-68907 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7... | 7.5 | HIGH | — | 0 |
| CVE-2025-68906 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a... | 7.1 | HIGH | — | 0 |
| CVE-2025-68905 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.Th... | 7.5 | HIGH | — | 0 |
| CVE-2025-68904 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNe... | 7.1 | HIGH | — | 0 |
| CVE-2025-68903 Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0. | 8.8 | HIGH | — | 0 |
| CVE-2025-68902 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0. | 7.5 | HIGH | — | 0 |
| CVE-2025-68901 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0. | 8.6 | HIGH | — | 0 |
| CVE-2025-68900 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows DOM-Based XSS.This issue affects Enfold: from n/a through <= 7.1.3. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68899 Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4. | 8.8 | HIGH | — | 0 |
| CVE-2025-68898 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects... | 5.8 | MEDIUM | — | 0 |
| CVE-2025-68896 Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a t... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68894 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a throug... | 7.1 | HIGH | — | 0 |
| CVE-2025-68884 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Re... | 7.1 | HIGH | — | 0 |
| CVE-2025-68883 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affe... | 7.1 | HIGH | — | 0 |
| CVE-2025-68882 Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.5. | 7.5 | HIGH | — | 0 |
| CVE-2025-68881 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal AppExperts appexperts allows SQL Injection.This issue affects AppExperts: from n/a thro... | 8.5 | HIGH | — | 0 |
| CVE-2025-68871 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3... | 7.1 | HIGH | — | 0 |
| CVE-2025-68869 Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.2.37. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.