Latest CVE Feed
-
5.4
CVSS31CVE-2025-54038
Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress allows Cross Site Request Forgery. This issue affects Restaurant Menu by MotoPress: from n/a through 2.4.6.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
5.4
CVSS31CVE-2025-54037
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4.... Read more
Affected Products : news_kit_elementor_addons- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
4.3
CVSS31CVE-2025-54036
Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking allows Cross Site Request Forgery. This issue affects Webba Booking: from n/a through 5.1.20.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
4.3
CVSS31CVE-2025-54035
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through 4.10.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
6.5
CVSS31CVE-2025-54033
Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elementor: from n/a through 1.2.3.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
4.3
CVSS31CVE-2025-54030
Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through 1.3.20.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
8.5
CVSS31CVE-2025-54026
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes allows SQL Injection. This issue affects GymBase Theme Classes: from n/a through 1.4.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
6.5
CVSS31CVE-2025-54024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.5.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
6.5
CVSS31CVE-2025-54023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affects WP Delicious: from n/a through 1.8.4.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
6.5
CVSS31CVE-2025-54022
Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. This issue affects Coupon Affiliates: from n/a through 6.4.0.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
5.4
CVSS31CVE-2025-54020
Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.3.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
4.3
CVSS31CVE-2025-54018
Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Pop-Up banners: from n/a through 1.8.4.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
6.5
CVSS31CVE-2025-54016
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects Videopack: from n/a through 4.10.3.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
6.6
CVSS31CVE-2025-54015
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 allows PHP Local File Inclusion. This issue affects HT Contact Form 7: from n/a through 2.0.0.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
5.9
CVSS31CVE-2025-54013
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nanbu Welcart e-Commerce allows Stored XSS. This issue affects Welcart e-Commerce: from n/a through 2.11.16.... Read more
Affected Products : welcart_e-commerce- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
4.3
CVSS31CVE-2025-54011
Missing Authorization vulnerability in SMTP2GO SMTP2GO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMTP2GO: from n/a through 1.12.1.... Read more
Affected Products : smtp2go- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
9.6
CVSS31CVE-2025-54010
Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel FluentSnippets allows Cross Site Request Forgery. This issue affects FluentSnippets: from n/a through 10.50.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
6.5
CVSS31CVE-2025-54009
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters allows Stored XSS. This issue affects JetSmartFilters: from n/a through 3.6.8.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
6.5
CVSS31CVE-2025-54006
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.1.... Read more
Affected Products : bold_page_builder- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025
-
4.3
CVSS31CVE-2025-53997
Missing Authorization vulnerability in favethemes Houzez allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez: from n/a through 4.0.4.... Read more
Affected Products : houzez- Published: Jul. 16, 2025
- Modified: Jul. 16, 2025