Latest CVE Feed
-
5.3
MEDIUMCVE-2025-12841
The Bookit WordPress plugin before 2.5.1 has a publicly accessible REST endpoint that allows unauthenticated update of the plugins Stripe payment options.... Read more
Affected Products : bookit- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-66128
Missing Authorization vulnerability in Brevo Sendinblue for WooCommerce woocommerce-sendinblue-newsletter-subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sendinblue for WooCommerce: from n/a through ... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12408
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'get_location' action due to insufficient restrictions on which locations can be i... Read more
Affected Products : events_manager- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-14065
The Simple Bike Rental plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'simpbire_carica_prenotazioni' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authentica... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14442
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and inclu... Read more
Affected Products : secure_copy_content_protection_and_content_locking- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-67583
Missing Authorization vulnerability in ThemeAtelier IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IDonate: from n/a through <= 2.1.15.... Read more
Affected Products : idonate- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-66125
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.2.... Read more
Affected Products : ultimate_wordpress_auction_plugin- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-64638
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67572
Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13157
The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qode_wishlist_for_woocommerce_wishlist_table_item_callback' function due to missing validation on... Read more
Affected Products :- Published: Nov. 27, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12809
The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/dokan/v1/wholesale/register` REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticat... Read more
Affected Products : dokan_pro_plugin- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67577
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.8.20.... Read more
Affected Products : easy_form_builder- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13314
The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.5 due to a missing capability check on the 'filter_save_... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13441
The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. This is due to a missing capability check on the admin_init hook that executes wp_cache_flush(). This m... Read more
Affected Products :- Published: Nov. 27, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62567
Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
-
5.3
MEDIUMCVE-2025-65096
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly acc... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-64633
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through <= 1.6.8.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-12883
The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment ... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14220
A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and m... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-13876
A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be perf... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Path Traversal