Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Total 333812 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-66120 2026-01-20 N/A 5.3 MEDIUM
Missing Authorization vulnerability in CatFolders CatFolders catfolders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CatFolders: from n/a through <= 2.5.3.
CVE-2025-66119 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9.
CVE-2025-66118 2026-01-20 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1.
CVE-2025-66117 2026-01-20 N/A 7.5 HIGH
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.
CVE-2025-66116 2026-01-20 N/A 7.5 HIGH
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3.
CVE-2025-66115 2026-01-20 N/A 6.6 MEDIUM
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a through <= 2.1.4.
CVE-2025-66114 2026-01-20 N/A 5.3 MEDIUM
Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Show Variations as Single Products Woocommerce: from n/a through <= 2.0.
CVE-2025-66113 2026-01-20 N/A 5.4 MEDIUM
Missing Authorization vulnerability in ThemeAtelier Better Chat Support for Messenger better-chat-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Chat Support for Messenger: from n/a through <= 1.2.18.
CVE-2025-66112 2026-01-20 N/A 4.3 MEDIUM
Missing Authorization vulnerability in WebToffee Accessibility Toolkit by WebYes accessibility-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Toolkit by WebYes: from n/a through <= 2.0.4.
CVE-2025-66111 2026-01-20 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through <= 1.3.0.
CVE-2025-66110 2026-01-20 N/A 5.3 MEDIUM
Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tiktok Feed: from n/a through <= 1.0.22.
CVE-2025-66109 2026-01-20 N/A 5.3 MEDIUM
Missing Authorization vulnerability in octolize Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cart Weight for WooCommerce: from n/a through <= 1.9.11.
CVE-2025-66108 2026-01-20 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Toolbox: Web Performance tnc-toolbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TNC Toolbox: Web Performance: from n/a through <= 2.0.4.
CVE-2025-66107 2026-01-20 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7.
CVE-2025-66106 2026-01-20 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Essential Plugin Featured Post Creative featured-post-creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through <= 1.5.5.
CVE-2025-66104 2026-01-20 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Anton Vanyukov Offload, AI &amp; Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI &amp; Optimize with Cloudflare Images: from n/a through <= 1.9.5.
CVE-2025-66103 2026-01-20 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revmakx WPCal.Io allows DOM-Based XSS.This issue affects WPCal.Io: from n/a through 0.9.5.9.
CVE-2025-66101 2026-01-20 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favorite cbxwpbookmark allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CBX Bookmark & Favorite: from n/a through <= 2.0.1.
CVE-2025-66100 2026-01-20 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.3.5.
CVE-2025-66099 2026-01-20 N/A 5.3 MEDIUM
Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3.