Vulnerabilites CVE

Base de donnees CVE enrichie avec CISA KEV et NVD

Total: 333,971 CVEs

CVE ID	CVSS	Severite	KEV	Publie
CVE-2025-67961 Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0.	6.4	MEDIUM	—	1/22/2026
CVE-2025-67960 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: f...	7.1	HIGH	—	1/22/2026
CVE-2025-67959 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through...	7.1	HIGH	—	1/22/2026
CVE-2025-67958 Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCom...	6.5	MEDIUM	—	1/22/2026
CVE-2025-67957 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue...	8.1	HIGH	—	1/22/2026
CVE-2025-67956 Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from ...	8.2	HIGH	—	1/22/2026
CVE-2025-67955 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue a...	7.5	HIGH	—	1/22/2026
CVE-2025-67954 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue ...	6.5	MEDIUM	—	1/22/2026
CVE-2025-67953 Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.1...	8.1	HIGH	—	1/22/2026
CVE-2025-67952 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a throu...	7.1	HIGH	—	1/22/2026
CVE-2025-67949 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through <...	7.1	HIGH	—	1/22/2026
CVE-2025-67947 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdFore...	7.1	HIGH	—	1/22/2026
CVE-2025-67946 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affe...	8.1	HIGH	—	1/22/2026
CVE-2025-67945 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue aff...	9.3	CRITICAL	—	1/22/2026
CVE-2025-67944 Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through ...	9.1	CRITICAL	—	1/22/2026
CVE-2025-67943 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affec...	7.1	HIGH	—	1/22/2026
CVE-2025-67942 Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach P...	6.5	MEDIUM	—	1/22/2026
CVE-2025-67941 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion.This issue aff...	8.1	HIGH	—	1/22/2026
CVE-2025-67940 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion.This issue af...	8.1	HIGH	—	1/22/2026
CVE-2025-67939 Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a throu...	6.5	MEDIUM	—	1/22/2026
CVE-2025-67938 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion.This issue af...	8.1	HIGH	—	1/22/2026
CVE-2025-67923 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a throug...	7.1	HIGH	—	1/22/2026
CVE-2025-67626 Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO Search wp-seo-search allows Cross Site Request Forgery.This issue affects WP SEO Search: from n/a through <= 1.1.	4.3	MEDIUM	—	1/22/2026
CVE-2025-67620 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CleverSoft Anon anon2x allows Reflected XSS.This issue affects Anon: from n/a through <= 2.2.10.	7.1	HIGH	—	1/22/2026
CVE-2025-67619 Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2.	8.8	HIGH	—	1/22/2026
CVE-2025-67617 Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through <= 1.4.3.	9.8	CRITICAL	—	1/22/2026
CVE-2025-67616 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: ...	8.1	HIGH	—	1/22/2026
CVE-2025-67615 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour:...	8.1	HIGH	—	1/22/2026
CVE-2025-67614 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through <= 1.5...	7.1	HIGH	—	1/22/2026
CVE-2025-67221 The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.	7.5	HIGH	—	1/22/2026
CVE-2025-66143 Missing Authorization vulnerability in merkulove Crumber crumber-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crumber: from n/a through <= 1.0.1...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66142 Missing Authorization vulnerability in merkulove Comparimager for Elementor comparimager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comparimag...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66141 Missing Authorization vulnerability in merkulove Scroller scroller allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scroller: from n/a through <= 2.0.2.	5.4	MEDIUM	—	1/22/2026
CVE-2025-66140 Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66139 Missing Authorization vulnerability in merkulove Audier For Elementor audier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audier For Elementor: ...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66138 Missing Authorization vulnerability in merkulove Motionger for Elementor motionger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Motionger for El...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66137 Missing Authorization vulnerability in merkulove Searcher for Elementor searcher-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Searcher for Eleme...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66136 Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: ...	5.4	MEDIUM	—	1/22/2026
CVE-2025-66135 Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: ...	5.4	MEDIUM	—	1/22/2026
CVE-2025-64252 Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC XML Viewer anac-xml-viewer allows Server Side Request Forgery.This issue affects ANAC XML Viewer: from n/a through <= 1.8.2.	4.9	MEDIUM	—	1/22/2026
CVE-2025-63051 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Frame...	4.3	MEDIUM	—	1/22/2026
CVE-2025-63026 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant Theme Elements for Elementor grandrestaurant-elementor allows Stored X...	6.5	MEDIUM	—	1/22/2026
CVE-2025-63019 Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data....	5.3	MEDIUM	—	1/22/2026
CVE-2025-63018 Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229.	4.3	MEDIUM	—	1/22/2026
CVE-2025-63017 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes WerkStatt Plugin werkstatt-plugin allows PHP Local File Inclusion.Th...	7.5	HIGH	—	1/22/2026
CVE-2025-62754 Missing Authorization vulnerability in Kapil Paul Payment Gateway bKash for WC woo-payment-bkash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gate...	5.3	MEDIUM	—	1/22/2026
CVE-2025-62741 Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.	5.4	MEDIUM	—	1/22/2026
CVE-2025-62106 Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a throu...	5.4	MEDIUM	—	1/22/2026
CVE-2025-62077 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affe...	5.9	MEDIUM	—	1/22/2026
CVE-2025-62056 Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event.This issue affects News Event: from n/a through <= 1.0.1.	9.9	CRITICAL	—	1/22/2026

Page 376 de 6680

Precedent Suivant

This product uses data from the NVD API but is not endorsed or certified by the NVD.