radar

ONE Sentinel

shield

CVE Tracker

11,012 total CVEs

Live vulnerability feed from the National Vulnerability Database

5.4
CVE-2025-62917open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jamel.Z Tooltipy bluet-keywords-tooltip-generator allows Stored XSS.This issue affects Tooltipy: from n/a through <= 5.5.9.

8.8
CVE-2025-62916open_in_newHIGH2025-10-27

Missing Authorization vulnerability in adivaha® Flights &amp; Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights &amp; Hotels Booking WP Plugin: from n/a through <= 3.1.

8.1
CVE-2025-62915open_in_newHIGH2025-10-27

Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMS Contact Form 7 Notifications by ClickSend: from n/a through <= 1.4.0.

5.4
CVE-2025-62913open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpopal Opal Service opal-service allows Stored XSS.This issue affects Opal Service: from n/a through <= 1.9.1.

5.4
CVE-2025-62912open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue affects SiteGround Email Marketing: from n/a through <= 1.7.1.

5.4
CVE-2025-62911open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Content Rock Convert rock-convert allows Stored XSS.This issue affects Rock Convert: from n/a through <= 3.0.1.

5.4
CVE-2025-62910open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in deshine Video Gallery by Huzzaz huzzaz-video-gallery allows Stored XSS.This issue affects Video Gallery by Huzzaz: from n/a through <= 10.5.

8.1
CVE-2025-62909open_in_newHIGH2025-10-27

Missing Authorization vulnerability in mrityunjay Smart WeTransfer smart-wetransfer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WeTransfer: from n/a through <= 1.3.

5.4
CVE-2025-62907open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Custom Post Type Attachment custom-post-type-pdf-attachment allows Stored XSS.This issue affects Custom Post Type Attachment: from n/a through <= 3.4.6.

9.8
CVE-2025-62906open_in_newCRIT2025-10-27

Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Referral Link Tracker: from n/a through <= 1.1.4.

5.4
CVE-2025-62905open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS.This issue affects Query Posts: from n/a through <= 0.3.2.

5.4
CVE-2025-62904open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson WP Geo wp-geo allows Stored XSS.This issue affects WP Geo: from n/a through <= 3.5.1.

5.4
CVE-2025-62903open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through <= 4.2.4.

7.5
CVE-2025-62902open_in_newHIGH2025-10-27

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6.

5.4
CVE-2025-62900open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WeblineIndia Popular Posts by Webline popular-posts-by-webline allows Stored XSS.This issue affects Popular Posts by Webline: from n/a through <= 1.1.1.

5.4
CVE-2025-62899open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THRIVE - Web Design Gold Coast Photospace Responsive photospace-responsive allows Stored XSS.This issue affects Photospace Responsive: from n/a through <= 2.2.0.

5.4
CVE-2025-62898open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maarten Links shortcode links-shortcode allows Stored XSS.This issue affects Links shortcode: from n/a through <= 1.8.3.

4.7
CVE-2025-62897open_in_newMED2025-10-27

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through <= 10.1.1.

8.8
CVE-2025-62896open_in_newHIGH2025-10-27

Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5.

7.5
CVE-2025-62895open_in_newHIGH2025-10-27

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.

5.4
CVE-2025-62894open_in_newMED2025-10-27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magicoders ACF Recent Posts Widget acf-recent-posts-widget allows Stored XSS.This issue affects ACF Recent Posts Widget: from n/a through <= 5.9.3.

9.1
CVE-2025-62892open_in_newCRIT2025-10-27

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3.

8.8
CVE-2025-62891open_in_newHIGH2025-10-27

Cross-Site Request Forgery (CSRF) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Cross Site Request Forgery.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <= 0.5.8.5.

8.8
CVE-2025-62890open_in_newHIGH2025-10-27

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery.This issue affects Premmerce Brands for WooCommerce: from n/a through <= 1.2.13.

8.8
CVE-2025-62889open_in_newHIGH2025-10-27

Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects King Addons for Elementor: from n/a through <= 51.1.37.

Showing 8226-8250 of 11,012 CVEs

chevron_left1...329330331...441chevron_right