Total
333370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-66060 | 1 Castos | 1 Seriously Simple Podcasting | 2026-01-20 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | |||||
| CVE-2025-66059 | 1 Castos | 1 Seriously Simple Podcasting | 2026-01-20 | N/A | 5.3 MEDIUM |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | |||||
| CVE-2025-66058 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.17. | |||||
| CVE-2025-66057 | 2026-01-20 | N/A | 6.3 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2. | |||||
| CVE-2025-66056 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0. | |||||
| CVE-2025-66055 | 2026-01-20 | N/A | 7.2 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10. | |||||
| CVE-2025-66054 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4. | |||||
| CVE-2025-66053 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects Enfold: from n/a through <= 7.1.2. | |||||
| CVE-2025-64639 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.50.07. | |||||
| CVE-2025-64638 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47. | |||||
| CVE-2025-64635 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0. | |||||
| CVE-2025-64634 | 1 Theme-fusion | 1 Avada | 2026-01-20 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.1. | |||||
| CVE-2025-64633 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through <= 1.6.8. | |||||
| CVE-2025-64632 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.21. | |||||
| CVE-2025-64631 | 2026-01-20 | N/A | 5.0 MEDIUM | ||
| Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.6.15. | |||||
| CVE-2025-64630 | 2026-01-20 | N/A | 4.7 MEDIUM | ||
| Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.19. | |||||
| CVE-2025-64384 | 2026-01-20 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3. | |||||
| CVE-2025-64382 | 2026-01-20 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7. | |||||
| CVE-2025-64379 | 1 Booster | 1 Booster For Woocommerce | 2026-01-20 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0. | |||||
| CVE-2025-64378 | 2026-01-20 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10. | |||||