Latest CVE Feed
-
5.3
MEDIUMCVE-2025-67579
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.... Read more
Affected Products : user_extra_fields- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67578
Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp-email-capture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Email Capture: from n/a through <= 3.12.4.... Read more
Affected Products : wp_email_capture- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67576
Missing Authorization vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Link Directory: from n/a through <= 8.8.3.... Read more
Affected Products : simple_link_directory- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63071
Insertion of Sensitive Information Into Sent Data vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Retrieve Embedded Sensitive Data.This issue affects Shortcodes and extra features for Phlox theme: from n/a throu... Read more
Affected Products : shortcodes_and_extra_features_for_phlox_theme- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-62870
Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.6.... Read more
Affected Products : eupago_gateway_woocommerce- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67582
Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through <= 2.1.1.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67575
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1.... Read more
Affected Products : sitewide_notice_wp- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67565
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-67566
Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.... Read more
Affected Products : woffice- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67581
Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: from n/a through <= 1.1.0.... Read more
Affected Products : truebooker- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-10876
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Cross-Site Scripting (XSS).This issue affects e-BAP Automation: from 1.8.96 before v.41815.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-67567
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-67586
Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through <= 5.2.0.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63008
Missing Authorization vulnerability in weDevs WP ERP erp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through <= 1.16.7.... Read more
Affected Products : wp_erp- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63069
Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through <= 5.5.12.... Read more
Affected Products : ivory_search- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67584
Missing Authorization vulnerability in rtCamp GoDAM godam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDAM: from n/a through <= 1.4.6.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67580
Missing Authorization vulnerability in Constant Contact Constant Contact + WooCommerce constant-contact-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact + WooCommerce: from n/a through... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67574
Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a... Read more
Affected Products : booking_calendar- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-67485
mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and blocking of malicious web activity using custom security policies. Versions 0.3 and below allow attackers to bypass HTTP/HTTPS traffic interception rules, potentially exposing sensitive... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-62740
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.... Read more
Affected Products : wp-crm_system- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization