Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-64209 2 Stylemixthemes, Wordpress 2 Masterstudy Lms, Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in StylemixThemes Masterstudy masterstudy allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Masterstudy: from n/a through < 4.8.122.
CVE-2025-60079 1 Wordpress 1 Wordpress 2025-12-19 7.1 High
Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Parallax Section block: from n/a through <= 1.0.9.
CVE-2025-60088 2 Saleswonder, Wordpress 2 Webinarignition, Wordpress 2025-12-19 6.5 Medium
Missing Authorization vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebinarIgnition: from n/a through <= 4.06.04.
CVE-2025-66068 2 Instawp, Wordpress 2 Instawp Connect, Wordpress 2025-12-19 6.5 Medium
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.
CVE-2025-40602 1 Sonicwall 1 Sma1000 2025-12-19 6.6 Medium
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
CVE-2025-14364 2 Kraftplugins, Wordpress 2 Demo Importer Plus, Wordpress 2025-12-19 8.8 High
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handle_request() function in all versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a full site reset, dropping all database tables except users/usermeta and re-running wp_install(), which also assigns the Administrator role to the attacking subscriber account.
CVE-2025-66088 2 Propertyhive, Wordpress 2 Propertyhive, Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.
CVE-2025-66117 2 Ays-pro, Wordpress 2 Easy Form, Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.
CVE-2025-66054 2 Thimpress, Wordpress 2 Learnpress, Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
CVE-2025-64378 1 Wordpress 1 Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10.
CVE-2025-66070 1 Wordpress 1 Wordpress 2025-12-19 7.5 High
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
CVE-2025-66100 2 Magnigenie, Wordpress 2 Restropress, Wordpress 2025-12-19 6.5 Medium
Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.3.5.
CVE-2025-14318 1 M-files 2 M-files Server, Server 2025-12-19 N/A
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
CVE-2025-66104 1 Wordpress 1 Wordpress 2025-12-19 6.5 Medium
Missing Authorization vulnerability in Anton Vanyukov Offload, AI &amp; Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI &amp; Optimize with Cloudflare Images: from n/a through <= 1.9.5.
CVE-2025-62960 2 Sparkle Wp, Wordpress 2 Construction Light, Wordpress 2025-12-19 5.4 Medium
Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7.
CVE-2025-14618 1 Wordpress 1 Wordpress 2025-12-19 4.3 Medium
The Sweet Energy Efficiency plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on the 'sweet_energy_efficiency_action' AJAX handler in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with subscriber level access and above, to read, modify, and delete arbitrary graphs.
CVE-2025-62961 1 Wordpress 1 Wordpress 2025-12-19 5.4 Medium
Missing Authorization vulnerability in Sparkle WP Sparkle FSE allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through 1.0.9.
CVE-2025-7047 1 Utarit 1 Soliclub 2025-12-19 4.3 Medium
Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.This issue affects SoliClub: before 5.3.7.
CVE-2025-63002 1 Wordpress 1 Wordpress 2025-12-19 5.3 Medium
Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through 2.30.0.
CVE-2025-66058 2 Pickplugins, Wordpress 2 Post Grid, Wordpress 2025-12-19 6.5 Medium
Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.17.