Latest CVE Feed
-
4.3
MEDIUMCVE-2025-67597
Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through <= 1.9.11.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-67588
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.... Read more
Affected Products : website_builder- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12128
The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the save_data_hcps() function. This makes it... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-13794
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulk_action_generate_handler function in all versions up to, and including, 4.2.1. This makes it... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12587
The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to a... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-63013
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7.... Read more
Affected Products : wp_hotel_booking- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-12827
The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the top_friends_options_subpanel() function. This makes it possible for unauthenticated ... Read more
Affected Products :- Published: Nov. 18, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-66082
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 5.0.4.... Read more
Affected Products : event_manager_and_tickets_selling_for_woocommerce- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-43374
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity... Read more
- Published: Nov. 21, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-66097
Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimić I Order Terms i-order-terms allows Cross Site Request Forgery.This issue affects I Order Terms: from n/a through <= 1.5.0.... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-66089
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.1.... Read more
Affected Products :- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-66061
Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.... Read more
Affected Products : seriously_simple_podcasting- Published: Nov. 21, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-66101
Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through <= 2.0.1.... Read more
Affected Products : cbx_bookmark_\&_favorite- Published: Nov. 21, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12558
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via the 'get_attachment_sizes' function. This makes it possible for authenticated attackers, with ... Read more
Affected Products : beaver_builder- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-62995
Missing Authorization vulnerability in multiparcels MultiParcels Shipping For WooCommerce multiparcels-shipping-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MultiParcels Shipping For WooCommerc... Read more
Affected Products : multiparcels_shipping_for_woocommerce- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-29845
A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.... Read more
- Published: Dec. 04, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-41693
A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-62867
Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ergonet Cache: from n/a through <= 1.0.11.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-6195
GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration cond... Read more
Affected Products : gitlab- Published: Nov. 26, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-13136
The GSheetConnector For Ninja Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'njform-google-sheet-config ' page in all versions up to, and including, 2.0.1. This makes it possible for authe... Read more
Affected Products :- Published: Nov. 22, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Authorization