Latest CVE Feed
-
5.4
MEDIUMCVE-2025-14976
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. T... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-14001
The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it po... Read more
Affected Products : wp_duplicate_page- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-13979
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2.... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-13983
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44.... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-71164
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter (submitted as images[] in a POST request) is reflected into an HTML href attribute without proper c... Read more
Affected Products : typesetter- Published: Jan. 14, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-24631
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through <= 1.4.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-24037
Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the has_xss() function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making t... Read more
Affected Products : horilla- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-68718
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password. (Changing the management GUI ... Read more
- Published: Jan. 08, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-69354
Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-24558
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-24550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.15.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-66140
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-61550
Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. User-supplied input is stored and later rende... Read more
Affected Products : print_shop_pro_webdesk- Published: Jan. 08, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-24365
Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.... Read more
Affected Products : stock_manager_for_woocommerce- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2026-1146
A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/api_register_patient.php. Such manipulation of the argument firstName/l... Read more
Affected Products : patients_waiting_area_queue_management_system- Published: Jan. 19, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-15510
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenti... Read more
Affected Products : nex-forms- Published: Jan. 31, 2026
- Modified: Jan. 31, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-22458
Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wanderland: from n/a through <= 1.5.... Read more
Affected Products : wanderland- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-68949
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source ... Read more
Affected Products : n8n- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2026-0817
Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0831
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`,... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Path Traversal