Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-66122 Missing Authorization vulnerability in Design Stylish Price List stylish-price-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stylish Price List: from ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-66124 Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leaky Paywall: from n/a through <=... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66125 Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a thro... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66126 Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: f... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66127 Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Est... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-27063 Memory corruption during video playback when video session open fails with time out error. | 7.8 | HIGH | — | 0 |
| CVE-2025-66128 Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issu... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66129 Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66130 Missing Authorization vulnerability in etruel WP Views Counter wpecounter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Views Counter: from n/a through ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66131 Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-66132 Authorization Bypass Through User-Controlled Key vulnerability in FAPI Business s.r.o. FAPI Member fapi-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-66133 Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.Thi... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66134 Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FileBird Pro: from n/a through <= ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-66147 Missing Authorization vulnerability in merkulove Coder for Elementor coder-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coder for Elementor: fro... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-66161 Missing Authorization vulnerability in merkulove Grider for Elementor grider-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grider for Elementor: ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-66162 Missing Authorization vulnerability in merkulove Spoter for Elementor spoter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spoter for Elementor: ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-66163 Missing Authorization vulnerability in merkulove Masker for Elementor masker-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masker for Elementor: ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-67929 Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI Wo... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-67948 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-67950 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects ... | 8.5 | HIGH | — | 0 |
| CVE-2025-67951 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor wpzoom-elementor-addons allows DOM-Based XSS.This issue affects... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67962 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection.This issue aff... | 7.6 | HIGH | — | 0 |
| CVE-2025-67965 Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Homey Core: from n/a through <= 2.4.3... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-67976 Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67983 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This iss... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67985 Authorization Bypass Through User-Controlled Key vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-67986 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barn2 Plugins Document Library Lite document-library-lite allows DOM-Based XSS.This issue affects ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-67989 Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge kerge allows Server Side Request Forgery.This issue affects Kerge: from n/a through <= 4.1.3. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-68054 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL I... | 8.5 | HIGH | — | 0 |
| CVE-2025-68055 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n... | 8.5 | HIGH | — | 0 |
| CVE-2025-68056 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows SQL Injection.This issue affects LBG Z... | 8.5 | HIGH | — | 0 |
| CVE-2025-68061 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects Ed... | 7.5 | HIGH | — | 0 |
| CVE-2025-68062 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects ... | 7.5 | HIGH | — | 0 |
| CVE-2025-68065 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion.This issue affec... | 7.5 | HIGH | — | 0 |
| CVE-2025-68066 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects ... | 7.5 | HIGH | — | 0 |
| CVE-2025-68067 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.Thi... | 7.5 | HIGH | — | 0 |
| CVE-2025-68068 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue af... | 7.5 | HIGH | — | 0 |
| CVE-2025-68070 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vektor,Inc. VK Google Job Posting Manager vk-google-job-posting-manager allows Stored XSS.This iss... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68071 Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68078 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Portfolio salient-portfolio allows Stored XSS.This issue affects Salient Portf... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68079 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNectar Salient Shortcodes salient-shortcodes allows Stored XSS.This issue affects Salient Sho... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68080 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal User Avatar - Reloaded user-avatar-reloaded allows Stored XSS.This issue affects User A... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68082 Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semrush Content Toolkit semrush-contentshake allows Cross Site Request Forgery.This issue affects Semrush Content Toolkit: from n/a th... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-68083 Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plugin Disabler meks-quick-plugin-disabler allows Cross Site Request Forgery.This issue affects Meks Quick Plugin Disabler: from n/a ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-68084 Missing Authorization vulnerability in Nitesh Ultimate Auction ultimate-auction allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Auction : from n/a ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-68085 Missing Authorization vulnerability in merkulove Buttoner for Elementor buttoner-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Buttoner for Eleme... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-68086 Missing Authorization vulnerability in merkulove Reformer for Elementor reformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reformer for Eleme... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-68087 Missing Authorization vulnerability in merkulove Modalier for Elementor modalier-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Modalier for Eleme... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-68088 Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Huger for Elementor: fro... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-53894 phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashe... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.