CVE Database

111521+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-67574
5.3 MEDIUM

Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking …

Dec 9, 2025
CVE-2025-67573
5.3 MEDIUM

Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sailing: from n/a through < 4.4.6.

Dec 9, 2025
CVE-2025-67572
5.3 MEDIUM

Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4.

Dec 9, 2025
CVE-2025-67571
5.3 MEDIUM

Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2.

Dec 9, 2025
CVE-2025-67570
5.3 MEDIUM

Missing Authorization vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from …

Dec 9, 2025
CVE-2025-67569
5.3 MEDIUM

Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11.

Dec 9, 2025
CVE-2025-67568
5.3 MEDIUM

Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1.

Dec 9, 2025
CVE-2025-67567
5.3 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a …

Dec 9, 2025
CVE-2025-67566
5.3 MEDIUM

Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.

Dec 9, 2025
CVE-2025-67565
5.3 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a …

Dec 9, 2025
CVE-2025-67564
5.3 MEDIUM

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects …

Dec 9, 2025
CVE-2025-67563
5.3 MEDIUM

Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= …

Dec 9, 2025
CVE-2025-67562
5.4 MEDIUM

Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from …

Dec 9, 2025
CVE-2025-67561
5.4 MEDIUM

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Log Viewer: from n/a …

Dec 9, 2025
CVE-2025-67560
5.4 MEDIUM

Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom: from n/a through <= 5.0.1.

Dec 9, 2025
CVE-2025-67559
5.4 MEDIUM

Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …

Dec 9, 2025
CVE-2025-67558
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through …

Dec 9, 2025
CVE-2025-67557
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Stored XSS.This issue affects WP …

Dec 9, 2025
CVE-2025-67556
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows Stored XSS.This issue affects Advanced FAQ Manager: …

Dec 9, 2025
CVE-2025-67555
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in useStrict UseStrict's Calendly Embedder cal-embedder-lite allows Stored XSS.This issue affects UseStrict's Calendly Embedder: …

Dec 9, 2025
CVE-2025-67554
5.9 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Humanityco Cookie Notice & Compliance for GDPR / CCPA cookie-notice allows Stored XSS.This …

Dec 9, 2025
CVE-2025-67553
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHigh Advanced FAQ Manager advanced-faq-manager allows DOM-Based XSS.This issue affects Advanced FAQ Manager: …

Dec 9, 2025
CVE-2025-67552
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WalkerWP Walker Core walker-core allows DOM-Based XSS.This issue affects Walker Core: from n/a …

Dec 9, 2025
CVE-2025-67551
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wappointment team Wappointment wappointment allows Stored XSS.This issue affects Wappointment: from n/a through …

Dec 9, 2025
CVE-2025-67550
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rhewlif Donation Thermometer donation-thermometer allows Stored XSS.This issue affects Donation Thermometer: from n/a …

Dec 9, 2025
CVE-2025-67549
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through <= …

Dec 9, 2025
CVE-2025-67548
6.5 MEDIUM

Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= …

Dec 9, 2025
CVE-2025-67545
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through <= …

Dec 9, 2025
CVE-2025-67544
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Shopkeeper Extender shopkeeper-extender allows Stored XSS.This issue affects Shopkeeper Extender: from …

Dec 9, 2025
CVE-2025-67543
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from …

Dec 9, 2025
CVE-2025-67542
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SilkyPress Multi-Step Checkout for WooCommerce wp-multi-step-checkout allows DOM-Based XSS.This issue affects Multi-Step Checkout …

Dec 9, 2025
CVE-2025-67541
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-ShowHide wp-showhide allows Stored XSS.This issue affects WP-ShowHide: from n/a through …

Dec 9, 2025
CVE-2025-67540
6.5 MEDIUM

Missing Authorization vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animation Addons for Elementor: from …

Dec 9, 2025
CVE-2025-67539
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Select-Themes Select Core select-core allows DOM-Based XSS.This issue affects Select Core: from n/a …

Dec 9, 2025
CVE-2025-67538
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews Gallery jnews-gallery allows Stored XSS.This issue affects JNews Gallery: from n/a …

Dec 9, 2025
CVE-2025-67537
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows Stored XSS.This issue affects ThirstyAffiliates: from n/a through …

Dec 9, 2025
CVE-2025-67536
6.5 MEDIUM

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This issue affects LearnPress: from n/a through <= …

Dec 9, 2025
CVE-2025-67535
6.6 MEDIUM

Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through …

Dec 9, 2025
CVE-2025-67534
7.1 HIGH

Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7.

Dec 9, 2025
CVE-2025-67533
7.1 HIGH

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Portfolio Post themify-portfolio-post allows Stored XSS.This issue affects Themify Portfolio Post: …

Dec 9, 2025
CVE-2025-67532
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67531
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Turitor turitor allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67530
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67529
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opal_WP Fashion fashion2 allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67528
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67527
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Digiqole digiqole allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67526
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67525
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opal_WP ekommart ekommart allows PHP Local File Inclusion.This issue …

Dec 9, 2025
CVE-2025-67524
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster Elementor Addon jobmonster-addon allows PHP Local File …

Dec 9, 2025
CVE-2025-67523
7.5 HIGH

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Exhibz exhibz allows PHP Local File Inclusion.This issue …

Dec 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.