A vulnerability, which was classified as problematic, has been found in Cookie Notice & Compliance for GDPR CCPA Plugin up
Vulnerabilities
CVE-2025-66089 | WebToffee Product Feed for WooCommerce Plugin up to 2.3.1 on WordPress authorization
A vulnerability was found in WebToffee Product Feed for WooCommerce Plugin up to 2.3.1 on WordPress and classified as critical.
CVE-2025-66115 | MatrixAddons Easy Invoice Plugin up to 2.1.4 on WordPress filename control
A vulnerability was found in MatrixAddons Easy Invoice Plugin up to 2.1.4 on WordPress. It has been classified as critical.
CVE-2025-66084 | Shahjahan Jewel FluentCommunity Plugin up to 2.0.0 on WordPress authorization
A vulnerability was found in Shahjahan Jewel FluentCommunity Plugin up to 2.0.0 on WordPress. It has been declared as critical.
CVE-2025-66099 | ThemeAtelier Chat Help Plugin up to 3.1.3 on WordPress authorization
A vulnerability was found in ThemeAtelier Chat Help Plugin up to 3.1.3 on WordPress. It has been rated as critical.
CVE-2025-66109 | octolize Cart Weight for WooCommerce Plugin up to 1.9.11 on WordPress authorization
A vulnerability categorized as critical has been discovered in octolize Cart Weight for WooCommerce Plugin up to 1.9.11 on WordPress.
CVE-2025-66095 | Iqonic Design KiviCare Plugin up to 3.6.13 on WordPress sql injection
A vulnerability identified as critical has been detected in Iqonic Design KiviCare Plugin up to 3.6.13 on WordPress. Affected by
CVE-2025-66086 | Cozy Vision SMS Alert Order Notifications Plugin up to 3.8.8 on WordPress authorization
A vulnerability labeled as critical has been found in Cozy Vision SMS Alert Order Notifications Plugin up to 3.8.8 on
CVE-2025-66096 | Imtiaz Rayhan Table Block by Tableberg Plugin up to 0.6.9 on WordPress authorization
A vulnerability marked as critical has been reported in Imtiaz Rayhan Table Block by Tableberg Plugin up to 0.6.9 on
CVE-2025-66087 | Property Hive PropertyHive Plugin up to 2.1.12 on WordPress authorization
A vulnerability classified as critical has been found in Property Hive PropertyHive Plugin up to 2.1.12 on WordPress. This issue
CVE-2025-66107 | Scott Paterson Subscriptions & Memberships for PayPal Plugin up to 1.1.7 on WordPress authorization
A vulnerability described as critical has been identified in Scott Paterson Subscriptions & Memberships for PayPal Plugin up to 1.1.7
CVE-2025-66085 | tychesoftwares Arconix Shortcodes Plugin up to 2.1.18 on WordPress authorization
A vulnerability classified as critical was found in tychesoftwares Arconix Shortcodes Plugin up to 2.1.18 on WordPress. Impacted is an
CVE-2025-66114 | Theme Funda Show Variations as Single Products Woocommerce Plugin authorization
A vulnerability, which was classified as critical, has been found in Theme Funda Show Variations as Single Products Woocommerce Plugin
CVE-2025-66108 | Merlot Digital TNC Toolbox: Web Performance Plugin up to 2.0.4 on WordPress authorization
A vulnerability, which was classified as critical, was found in Merlot Digital TNC Toolbox: Web Performance Plugin up to 2.0.4
CVE-2025-66110 | bPlugins Tiktok Feed Plugin up to 1.0.22 on WordPress authorization
A vulnerability has been found in bPlugins Tiktok Feed Plugin up to 1.0.22 on WordPress and classified as critical. This
CVE-2025-66101 | Sabuj Kundu CBX Bookmark & Favorite Plugin up to 2.0.1 on WordPress authorization
A vulnerability was found in Sabuj Kundu CBX Bookmark & Favorite Plugin up to 2.0.1 on WordPress and classified as
CVE-2025-66112 | WebToffee Accessibility Toolkit by WebYes Plugin up to 2.0.4 on WordPress authorization
A vulnerability was found in WebToffee Accessibility Toolkit by WebYes Plugin up to 2.0.4 on WordPress. It has been classified
CVE-2025-66113 | ThemeAtelier Better Chat Support for Messenger Plugin up to 1.2.18 on WordPress authorization
A vulnerability was found in ThemeAtelier Better Chat Support for Messenger Plugin up to 1.2.18 on WordPress. It has been
CVE-2025-11127 | Mstoreapp Mobile App Plugin/Mobile Multivendor Plugin on WordPress Email Address authorization
A vulnerability was found in Mstoreapp Mobile App Plugin and Mobile Multivendor Plugin on WordPress. It has been rated as
CVE-2025-66066 | EnvoThemes Envo Extra Plugin up to 1.9.11 on WordPress cross site scripting
A vulnerability categorized as problematic has been discovered in EnvoThemes Envo Extra Plugin up to 1.9.11 on WordPress. This affects
CVE-2025-66053 | Kriesi Enfold Plugin up to 7.1.2 on WordPress cross site scripting
A vulnerability identified as problematic has been detected in Kriesi Enfold Plugin up to 7.1.2 on WordPress. This vulnerability affects
CVE-2025-66064 | Syed Balkhi Giveaways and Contests by RafflePress Plugin up to 1.12.20 on WordPress cross-site request forgery
A vulnerability labeled as problematic has been found in Syed Balkhi Giveaways and Contests by RafflePress Plugin up to 1.12.20
CVE-2025-66057 | boldthemes Bold Page Builder Plugin up to 5.5.2 on WordPress cross site scripting
A vulnerability marked as problematic has been reported in boldthemes Bold Page Builder Plugin up to 5.5.2 on WordPress. Impacted
CVE-2025-66067 | FunnelKit Funnel Builder Plugin up to 3.13.1.2 on WordPress cross site scripting
A vulnerability described as problematic has been identified in FunnelKit Funnel Builder Plugin up to 3.13.1.2 on WordPress. The affected
CVE-2025-66081 | Jeff Starr Head Meta Data Plugin up to 20250327 on WordPress cross site scripting
A vulnerability classified as problematic has been found in Jeff Starr Head Meta Data Plugin up to 20250327 on WordPress.
CVE-2025-66106 | Essential Plugin Featured Post Creative Plugin up to 1.5.5 on WordPress authorization
A vulnerability classified as critical was found in Essential Plugin Featured Post Creative Plugin up to 1.5.5 on WordPress. This
CVE-2025-66061 | Craig Hewitt Seriously Simple Podcasting Plugin up to 3.13.0 on WordPress cross-site request forgery
A vulnerability, which was classified as problematic, has been found in Craig Hewitt Seriously Simple Podcasting Plugin up to 3.13.0
CVE-2025-66090 | sonalsinha21 SKT Skill Bar Plugin up to 2.5 on WordPress cross site scripting
A vulnerability, which was classified as problematic, was found in sonalsinha21 SKT Skill Bar Plugin up to 2.5 on WordPress.
CVE-2025-66073 | Cozmoslabs WP Webhooks Plugin up to 3.3.8 on WordPress deserialization
A vulnerability has been found in Cozmoslabs WP Webhooks Plugin up to 3.3.8 on WordPress and classified as critical. Affected
CVE-2025-66093 | hupe13 Extensions for Leaflet Map Plugin up to 4.8 on WordPress cross site scripting
A vulnerability was found in hupe13 Extensions for Leaflet Map Plugin up to 4.8 on WordPress and classified as problematic.
CVE-2025-40210 | Linux Kernel up to 6.17.7/6.18-rc3 NFSD allocation of resources
A vulnerability classified as critical was found in Linux Kernel up to 6.17.7/6.18-rc3. Affected is an unknown function of the
CVE-2025-40211 | Linux Kernel up to 6.12.57/6.17.7/6.18-rc3 ACPI acpi_video_switch_brightness use after free
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.57/6.17.7/6.18-rc3. Affected by this vulnerability
CVE-2025-40209 | Linux Kernel up to 6.12.57/6.17.7/6.18-rc4 btrfs_add_qgroup_relation return value
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.57/6.17.7/6.18-rc4. Affected by this issue is
CVE-2025-64310 | Seiko Epson WebConfig for Projector Products excessive authentication
A vulnerability has been found in Seiko Epson WebConfig for Projector Products and Web Control for Projector Products and classified
CVE-2025-62189 | LogStare Collector HTTP Request authorization
A vulnerability was found in LogStare Collector and classified as problematic. Affected by this vulnerability is an unknown functionality of
CVE-2025-64695 | LogStare Collector on Windows Installer uncontrolled search path
A vulnerability was found in LogStare Collector on Windows. It has been classified as problematic. Affected by this issue is
CVE-2025-9825 | GitLab Community Edition/Enterprise Edition up to 18.2.7/18.3.3/18.4.1 GraphQL API authorization (Patch 567301)
A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.2.7/18.3.3/18.4.1. It has been declared as problematic.
CVE-2025-13499 | Wireshark up to 4.4.10/4.6.0 Kafka Dissector uninitialized pointer
A vulnerability was found in Wireshark up to 4.4.10/4.6.0. It has been rated as problematic. This vulnerability affects unknown code
CVE-2025-58097 | LogStare Collector Installation Directory default permission
A vulnerability categorized as critical has been discovered in LogStare Collector. This issue affects some unknown processing of the component
CVE-2025-61949 | LogStare Collector Management Page cross site scripting
A vulnerability identified as problematic has been detected in LogStare Collector. Impacted is an unknown function of the component Management
CVE-2025-64299 | LogStare Collector Password Hash Handler insertion of sensitive information into sent data
A vulnerability labeled as problematic has been found in LogStare Collector. The affected element is an unknown function of the
CVE-2025-62687 | LogStare Collector cross-site request forgery
A vulnerability marked as problematic has been reported in LogStare Collector. The impacted element is an unknown function. The manipulation
CVE-2025-13207 | Tenda 4G03 Pro up to 04.03.01.44 /usr/sbin/httpd command injection
A vulnerability described as critical has been identified in Tenda 4G03 Pro up to 04.03.01.44. This affects an unknown function
CVE-2024-24481 | Tenda 4G03 Pro up to 04.03.01.14 Service Port 7329 command injection
A vulnerability classified as critical has been found in Tenda 4G03 Pro up to 04.03.01.14. This impacts an unknown function
CVE-2025-13149 | PublishPress Schedule Post Changes with PublishPress Future Plugin REST API Endpoint saveFutureActionData authorization
A vulnerability identified as problematic has been detected in PublishPress Schedule Post Changes with PublishPress Future Plugin up to 4.9.1
CVE-2025-12086 | WPSwings Return Refund and Exchange for WooCommerce Plugin up to 4.5.5 on WordPress AJAX Endpoint wps_rma_cancel_return_request resource injection
A vulnerability labeled as problematic has been found in WPSwings Return Refund and Exchange for WooCommerce Plugin up to 4.5.5
CVE-2025-12881 | WPSwings Return Refund and Exchange for WooCommerce Plugin up to 4.5.5 on WordPress Order Message wps_rma_fetch_order_msgs resource injection
A vulnerability marked as problematic has been reported in WPSwings Return Refund and Exchange for WooCommerce Plugin up to 4.5.5
CVE-2025-12023 | ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin eh_crm_restore_data authorization
A vulnerability described as problematic has been identified in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to
CVE-2025-12085 | ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin Setting eh_crm_settings_empty_trash authorization
A vulnerability classified as problematic has been found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to
CVE-2025-12169 | ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin Setting wp_ajax_eh_crm_settings_empty_scheduled_actions authorization
A vulnerability classified as problematic was found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to 3.3.0
CVE-2025-12170 | Checkbox Plugin up to 2.8.10 on WordPress AJAX Endpoint wp_ajax_nopriv_checkbox_clean_log authorization
A vulnerability, which was classified as critical, has been found in Checkbox Plugin up to 2.8.10 on WordPress. Affected is
CVE-2025-12894 | Import WP Plugin up to 2.14.17 on WordPress information disclosure
A vulnerability, which was classified as problematic, was found in Import WP Plugin up to 2.14.17 on WordPress. Affected by
CVE-2025-12894 | Import WP Plugin up to 2.14.17 on WordPress information disclosure
A vulnerability has been found in Import WP Plugin up to 2.14.17 on WordPress and classified as problematic. Affected by
CVE-2025-11985 | Realty Portal Plugin up to 0.1/0.4.1 on WordPress Setting rp_save_property_settings authorization
A vulnerability was found in Realty Portal Plugin up to 0.1/0.4.1 on WordPress and classified as problematic. This affects the
CVE-2025-12747 | Tainacan Plugin up to 1.0.0 on WordPress information disclosure
A vulnerability was found in Tainacan Plugin up to 1.0.0 on WordPress. It has been classified as problematic. This vulnerability
CVE-2025-13138 | WP Directory Kit Plugin up to 1.4.3 on WordPress select_2_ajax columns_search sql injection
A vulnerability was found in WP Directory Kit Plugin up to 1.4.3 on WordPress. It has been rated as critical.
CVE-2025-12022 | ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin AJAX Endpoint eh_crm_settings_restore_trash authorization
A vulnerability was found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to 3.3.1 on WordPress. It
CVE-2025-12750 | Groundhogg Plugin up to 4.2.6.1 on WordPress term sql injection
A vulnerability categorized as critical has been discovered in Groundhogg Plugin up to 4.2.6.1 on WordPress. The affected element is
CVE-2025-12170 | Checkbox Plugin up to 2.8.10 on WordPress AJAX Endpoint wp_ajax_nopriv_checkbox_clean_log authorization
A vulnerability identified as critical has been detected in Checkbox Plugin up to 2.8.10 on WordPress. The impacted element is
CVE-2025-10938 | UiPress lite Plugin up to 3.5.08 on WordPress User Information uip_process_block_query authorization
A vulnerability labeled as problematic has been found in UiPress lite Plugin up to 3.5.08 on WordPress. This affects the
CVE-2025-64657 | Microsoft Azure App Gateway stack-based overflow
A vulnerability marked as critical has been reported in Microsoft Azure App Gateway. This impacts an unknown function. The manipulation
CVE-2025-64656 | Microsoft Azure App Gateway out-of-bounds
A vulnerability described as critical has been identified in Microsoft Azure App Gateway. Affected is an unknown function. The manipulation
CVE-2025-11973 | 简数采集器 Plugin up to 2.6.3 on WordPress __kds_flag path traversal
A vulnerability classified as critical has been found in 简数采集器 Plugin up to 2.6.3 on WordPress. Affected by this vulnerability
CVE-2025-11815 | UiPress Lite Plugin up to 3.5.08 on WordPress Setting uip_save_site_option authorization
A vulnerability classified as problematic was found in UiPress Lite Plugin up to 3.5.08 on WordPress. Affected by this issue
CVE-2025-10054 | ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin Role eh_crm_remove_agent authorization
A vulnerability, which was classified as problematic, has been found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin
CVE-2025-11799 | Affiliate AI Lite Plugin up to 1.0.1 on WordPress Shortcode asin cross site scripting
A vulnerability, which was classified as problematic, was found in Affiliate AI Lite Plugin up to 1.0.1 on WordPress. This
CVE-2025-12660 | Padlet Shortcode Plugin up to 1.3 on WordPress wallwisher key cross site scripting
A vulnerability has been found in Padlet Shortcode Plugin up to 1.3 on WordPress and classified as problematic. This issue
CVE-2025-10039 | ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin eh_crm_ticket_single_view_client resource injection
A vulnerability was found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to 3.2.9 on WordPress and
CVE-2025-12746 | Tainacan Plugin up to 1.0.0 on WordPress Search cross site scripting
A vulnerability was found in Tainacan Plugin up to 1.0.0 on WordPress. It has been classified as problematic. The affected
CVE-2025-12135 | WPBookit Plugin up to 1.0.6 on WordPress save_custome_code css_code cross site scripting
A vulnerability was found in WPBookit Plugin up to 1.0.6 on WordPress. It has been declared as problematic. The impacted
CVE-2025-11808 | Shortcode for Google Street View Plugin up to 0.5.7 on WordPress cross site scripting
A vulnerability was found in Shortcode for Google Street View Plugin up to 0.5.7 on WordPress. It has been rated
CVE-2025-11767 | Tips Shortcode Plugin up to 0.2.1 on WordPress tip cross site scripting
A vulnerability categorized as problematic has been discovered in Tips Shortcode Plugin up to 0.2.1 on WordPress. This impacts the
CVE-2025-11765 | Stock Tools Plugin up to 1.1 on WordPress Shortcode image_height/image_width cross site scripting
A vulnerability identified as problematic has been detected in Stock Tools Plugin up to 1.1 on WordPress. Affected is an
CVE-2025-12661 | Pollcaster Shortcode Plugin up to 1.0 on WordPress pollcaster height cross site scripting
A vulnerability labeled as problematic has been found in Pollcaster Shortcode Plugin up to 1.0 on WordPress. Affected by this
CVE-2025-11801 | AudioTube Plugin up to 0.0.3 on WordPress Shortcode caption cross site scripting
A vulnerability marked as problematic has been reported in AudioTube Plugin up to 0.0.3 on WordPress. Affected by this issue
CVE-2025-13159 | Flo Forms Plugin up to 1.0.43 on WordPress AJAX Endpoint flo_form_submit cross site scripting
A vulnerability described as problematic has been identified in Flo Forms Plugin up to 1.0.43 on WordPress. This affects the
CVE-2025-11803 | WPSite Shortcode Plugin up to 1.2 on WordPress cross site scripting
A vulnerability classified as problematic has been found in WPSite Shortcode Plugin up to 1.2 on WordPress. This vulnerability affects
CVE-2025-11770 | BrightTALK Shortcode Plugin up to 2.4.0 on WordPress format cross site scripting
A vulnerability classified as problematic was found in BrightTALK Shortcode Plugin up to 2.4.0 on WordPress. This issue affects the
CVE-2025-13142 | Custom Post Type Plugin up to 1.0 on WordPress cross-site request forgery
A vulnerability, which was classified as problematic, has been found in Custom Post Type Plugin up to 1.0 on WordPress.
CVE-2025-11763 | Display Pages Shortcode Plugin up to 1.1 on WordPress column_count cross site scripting
A vulnerability, which was classified as problematic, was found in Display Pages Shortcode Plugin up to 1.1 on WordPress. The
CVE-2025-11764 | Shortcodes Bootstrap Plugin up to 1.1 on WordPress Type cross site scripting
A vulnerability has been found in Shortcodes Bootstrap Plugin up to 1.1 on WordPress and classified as problematic. The impacted
CVE-2025-13141 | HT Mega Plugin up to 3.0.0 on WordPress tag_escape cross site scripting
A vulnerability was found in HT Mega Plugin up to 3.0.0 on WordPress and classified as problematic. This affects the
CVE-2025-11885 | EchBay Admin Security Plugin up to 1.3.0 on WordPress _ebnonce cross site scripting
A vulnerability was found in EchBay Admin Security Plugin up to 1.3.0 on WordPress. It has been classified as problematic.
CVE-2025-12160 | Simple User Registration Plugin up to 6.6 on WordPress wpr_admin_msg cross site scripting
A vulnerability was found in Simple User Registration Plugin up to 6.6 on WordPress. It has been declared as problematic.
CVE-2025-12935 | FluentCRM Plugin up to 2.9.84 on WordPress Shortcode fluentcrm_content cross site scripting
A vulnerability was found in FluentCRM Plugin up to 2.9.84 on WordPress. It has been rated as problematic. Affected by
CVE-2025-12066 | WP Delete Post Copies Plugin up to 6.0.2 on WordPress Setting cross site scripting
A vulnerability categorized as problematic has been discovered in WP Delete Post Copies Plugin up to 6.0.2 on WordPress. Affected
CVE-2025-11826 | WP Company Info Plugin up to 1.9.0 on WordPress Shortcode cross site scripting
A vulnerability labeled as problematic has been found in WP Company Info Plugin up to 1.9.0 on WordPress. This vulnerability
CVE-2025-13135 | HotelRunner Booking Widget Plugin up to 5.2.4 on WordPress hotelrunner cross site scripting
A vulnerability identified as problematic has been detected in HotelRunner Booking Widget Plugin up to 5.2.4 on WordPress. This affects
CVE-2025-11768 | Islamic Phrases Plugin up to 2.12.2015 on WordPress Shortcode phrases cross site scripting
A vulnerability marked as problematic has been reported in Islamic Phrases Plugin up to 2.12.2015 on WordPress. This issue affects
CVE-2025-13134 | AuthorSure Plugin up to 2.3 on WordPress Setting cross-site request forgery
A vulnerability described as problematic has been identified in AuthorSure Plugin up to 2.3 on WordPress. Impacted is an unknown
CVE-2025-11802 | Bulma Shortcodes Plugin up to 1.0 on WordPress Shortcode type cross site scripting
A vulnerability classified as problematic has been found in Bulma Shortcodes Plugin up to 1.0 on WordPress. The affected element
CVE-2025-11800 | Surbma Plugin up to 2.0 on WordPress Shortcode minicrm ID cross site scripting
A vulnerability classified as problematic was found in Surbma Plugin up to 2.0 on WordPress. The impacted element is the
CVE-2025-11003 | UiPress Lite Plugin up to 3.5.08 on WordPress uip_save_ui_template cross site scripting
A vulnerability, which was classified as problematic, has been found in UiPress Lite Plugin up to 3.5.08 on WordPress. This
CVE-2025-12964 | Magical Products Display Plugin up to 1.1.29 on WordPress MDP Pricing Table Widget mpdpr_title_tag/mpdpr_subtitle_tag cross site scripting
A vulnerability, which was classified as problematic, was found in Magical Products Display Plugin up to 1.1.29 on WordPress. This
CVE-2025-63888 | ThinkPHP 5.0.24 File.php read privilege escalation
A vulnerability marked as critical has been reported in ThinkPHP 5.0.24. Impacted is the function read of the file thinkphplibrarythinktemplatedriverFile.php.
CVE-2025-36153 | IBM Concert up to 2.0.0 Web UI cross site scripting
A vulnerability described as problematic has been identified in IBM Concert up to 2.0.0. The affected element is an unknown
CVE-2025-64524 | OpenPrinting cups-filters up to 2.0.1 Cups Printing Service heap-based overflow (GHSA-rq44-2q5p-x3hv)
A vulnerability classified as critical has been found in OpenPrinting cups-filters up to 2.0.1. The impacted element is an unknown
CVE-2025-55128 | Revive Adserver up to 6.0.2 Admin Interface userlog-index.php resource consumption
A vulnerability classified as problematic was found in Revive Adserver up to 6.0.2. This affects an unknown function of the
CVE-2025-52671 | Revive Adserver up to 5.5.2/6.0.1 SQL information exposure
A vulnerability, which was classified as problematic, has been found in Revive Adserver up to 5.5.2/6.0.1. This impacts an unknown
CVE-2025-63807 | weijiang1994 university-bbs 9e06bab430bfc729f27b4284ba7570db3b11ce84 Verification Code weak authentication
A vulnerability, which was classified as problematic, was found in weijiang1994 university-bbs 9e06bab430bfc729f27b4284ba7570db3b11ce84. Affected is an unknown function of the
CVE-2025-13087 | Opto22 groov RIO GRV-R7-I1VAPM-3 up to 4.0.2 REST API os command injection (icsa-25-324-03)
A vulnerability has been found in Opto22 GRV-EPIC-PR1, GRV-EPIC-PR2, groov RIO GRV-R7-MM1001-10, groov RIO GRV-R7-MM2001-10 and groov RIO GRV-R7-I1VAPM-3 up