Latest CVE Feed
-
6.5
MEDIUMCVE-2025-62761
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePr... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62760
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62759
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series allows Stored XSS.This issue affects Series: from n/a through 2.0.1.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62758
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8.... Read more
Affected Products : funnelforms_free- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62757
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through 1.5.12.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62756
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lvaudore The Moneytizer allows DOM-Based XSS.This issue affects The Moneytizer: from n/a through 10.0.6.... Read more
Affected Products : the_moneytizer- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-62755
Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.... Read more
Affected Products : gs_portfolio_for_envato- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-62753
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through 1.3.2.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-62752
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kalender.Digital Calendar.Online / Kalender.Digital allows DOM-Based XSS.This issue affects Calendar.Online / Kalender.Digital: from n/a through 1.0.11.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-62751
Missing Authorization vulnerability in Extend Themes Vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through 1.0.24.... Read more
Affected Products : vireo- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-62750
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filipe Seabra WooCommerce Parcelas allows DOM-Based XSS.This issue affects WooCommerce Parcelas: from n/a through 1.3.5.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62749
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62748
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder... Read more
Affected Products : web_and_woocommerce_addons_for_wpbakery_builder- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-62747
Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through 1.3.3.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-62746
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeFlavors Featured Video for WordPress & VideographyWP allows Stored XSS.This issue affects Featured Video for WordPress & VideographyWP: from n/a thro... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62744
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Steman Page Title Splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through 2.5.9.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62743
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore allows Stored XSS.This issue affects MyBookTable Bookstore: from n/a through 3.5.5.... Read more
Affected Products : mybook_table_bookstore- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62742
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Curator.Io allows Stored XSS.This issue affects Curator.Io: from n/a through 1.9.5.... Read more
Affected Products : curator.io- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-62154
Missing Authorization vulnerability in Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Conte... Read more
Affected Products : ai_content_writing_assistant- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-62150
Missing Authorization vulnerability in Themesawesome History Timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through 1.0.6.... Read more
Affected Products : timeline_awesome- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Authorization