Latest CVE Feed
-
8.8
HIGHCVE-2025-68853
Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-68542
Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Gateway for IRIS: from n/a through <= 1.3.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-68541
Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-68534
Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a through <= 6.3.0.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-68531
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-68069
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.... Read more
Affected Products : directorist- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68050
Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-68043
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68026
Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68024
Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-68022
Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68005
Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through <= 1.8.7.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68000
Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-67997
Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-67993
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
8.2
HIGHCVE-2025-67977
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-67974
Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67970
Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schedula: from n/a through <= 1.0.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-67624
Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through <= 1.1.3.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-46320
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.... Read more
Affected Products :- Published: Feb. 24, 2026
- Modified: Feb. 24, 2026
- Vuln Type: Cross-Site Scripting