Total
5666 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62929 | 2 Pluginops, Wordpress | 2 Testimonial Slider, Wordpress | 2025-10-28 | 8.8 High |
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15. | ||||
| CVE-2025-62928 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 8.1 High |
| Missing Authorization vulnerability in Joby Joseph SEO Meta Description Updater seo-meta-description-updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Meta Description Updater: from n/a through <= 1.2.0. | ||||
| CVE-2025-62927 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 8.1 High |
| Missing Authorization vulnerability in Nelio Software Nelio Content nelio-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio Content: from n/a through <= 4.0.5. | ||||
| CVE-2025-62925 | 2 Conversios, Wordpress | 2 Conversios.io, Wordpress | 2025-10-28 | 8.1 High |
| Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through <= 7.2.10. | ||||
| CVE-2025-62924 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2025-10-28 | 8.8 High |
| Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.17. | ||||
| CVE-2025-62922 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 8.1 High |
| Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export Categories: from n/a through <= 1.0. | ||||
| CVE-2025-62919 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 9.1 Critical |
| Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.2. | ||||
| CVE-2025-62918 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 8.8 High |
| Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IgnitionDeck: from n/a through <= 2.0.10. | ||||
| CVE-2025-62916 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 8.8 High |
| Missing Authorization vulnerability in adivaha® Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights & Hotels Booking WP Plugin: from n/a through <= 3.1. | ||||
| CVE-2025-62915 | 2 Clicksend, Wordpress | 2 Sms Contact Form 7 Notifications By Clicksend, Wordpress | 2025-10-28 | 8.1 High |
| Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Contact Form 7 Notifications by ClickSend: from n/a through <= 1.4.0. | ||||
| CVE-2025-62909 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 8.1 High |
| Missing Authorization vulnerability in mrityunjay Smart WeTransfer smart-wetransfer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WeTransfer: from n/a through <= 1.3. | ||||
| CVE-2025-62908 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 9.8 Critical |
| Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Podlove Web Player: from n/a through <= 5.9.1. | ||||
| CVE-2025-62906 | 1 Wordpress | 1 Wordpress | 2025-10-28 | 9.8 Critical |
| Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Referral Link Tracker: from n/a through <= 1.1.4. | ||||
| CVE-2025-62892 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2025-10-28 | 9.1 Critical |
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3. | ||||
| CVE-2025-62889 | 3 Elementor, Kingaddons, Wordpress | 3 Elementor, King Addons For Elementor, Wordpress | 2025-10-28 | 8.8 High |
| Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects King Addons for Elementor: from n/a through <= 51.1.37. | ||||
| CVE-2025-20362 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense, Firepower Threat Defense Software | 2025-10-28 | 6.5 Medium |
| A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication. | ||||
| CVE-2025-12134 | 2 Bdthemes, Wordpress | 2 Zoloblocks, Wordpress | 2025-10-27 | 5.3 Medium |
| The ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_popup_status() function in all versions up to, and including, 2.3.11. This makes it possible for unauthenticated attackers to enable/disable popups. | ||||
| CVE-2025-11257 | 2 Limelightmarketing, Wordpress | 2 Llm Hubspot Blog Import, Wordpress | 2025-10-27 | 4.3 Medium |
| The LLM Hubspot Blog Import plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_save_blogs' AJAX endpoint in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger an import of all Hubspot data. | ||||
| CVE-2025-10749 | 2 10up, Wordpress | 2 Microsoft Azure Storage For Wordpress, Wordpress | 2025-10-27 | 5.4 Medium |
| The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated attackers with subscriber-level access and above to delete arbitrary media files from the WordPress Media Library via the replace_attachment parameter granted they can access the nonce which is exposed to all authenticated users. | ||||
| CVE-2025-11172 | 2 Plagiarismcheckerx, Wordpress | 2 Plagiarism Checker X, Wordpress | 2025-10-27 | 4.3 Medium |
| The Check Plagiarism plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the chk_plag_mine_plugin_wpse10500_admin_action() function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the API key. | ||||