Total
6246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5888 | 1 Jsnjfz | 1 Webstack-guns | 2025-12-03 | 4.3 Medium |
| A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-13381 | 2 Ays-pro, Wordpress | 2 Ai Chatbot With Chatgpt, Wordpress | 2025-12-03 | 5.3 Medium |
| The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to upload media files. | ||||
| CVE-2025-65669 | 1 Classroomio | 1 Classroomio | 2025-12-03 | 9.1 Critical |
| An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction. | ||||
| CVE-2025-9954 | 2 Acquia, Drupal | 3 Dam, Acquia Dam, Drupal | 2025-12-03 | 7.5 High |
| Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5. | ||||
| CVE-2025-41012 | 1 Tcman | 1 Gim | 2025-12-03 | 5.3 Medium |
| Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'. | ||||
| CVE-2025-12169 | 3 Elextensions, Elula, Wordpress | 3 Elex Wordpress Plugin, Wsdesk, Wordpress | 2025-12-03 | 4.3 Medium |
| The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_eh_crm_settings_empty_scheduled_actions' AJAX Action in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the scheduled triggers option. | ||||
| CVE-2025-12085 | 3 Elextensions, Elula, Wordpress | 3 Elex Wordpress Plugin, Wsdesk, Wordpress | 2025-12-03 | 4.3 Medium |
| The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_empty_trash' function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to empty the ticket trash. | ||||
| CVE-2025-12023 | 3 Elextensions, Elula, Wordpress | 3 Elex Wordpress Plugin, Wsdesk, Wordpress | 2025-12-03 | 4.3 Medium |
| The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_crm_restore_data() function in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore tickets. | ||||
| CVE-2025-12022 | 3 Elextensions, Elula, Wordpress | 3 Elex Wordpress Plugin, Wsdesk, Wordpress | 2025-12-03 | 4.3 Medium |
| The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eh_crm_settings_restore_trash' AJAX endpoint in all versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to restore all deleted tickets. | ||||
| CVE-2025-53421 | 2 Pickplugins, Wordpress | 2 Accordion, Wordpress | 2025-12-03 | 6.3 Medium |
| Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion: from n/a through <= 2.3.14. | ||||
| CVE-2025-13828 | 1 Mautic | 1 Mautic | 2025-12-03 | N/A |
| SummaryA non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. ImpactA low-privileged user of the platform can install malicious code to obtain higher privileges. | ||||
| CVE-2023-52177 | 1 Softlabbd | 1 Integrate Google Drive | 2025-12-02 | 5.4 Medium |
| Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3. | ||||
| CVE-2025-9825 | 1 Gitlab | 1 Gitlab | 2025-12-02 | 5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API. | ||||
| CVE-2025-52670 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-02 | 6.5 Medium |
| Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts | ||||
| CVE-2025-66109 | 3 Octolize, Woocommerce, Wordpress | 3 Cart Weight For Woocommerce, Woocommerce, Wordpress | 2025-12-02 | 5.3 Medium |
| Missing Authorization vulnerability in octolize Cart Weight for WooCommerce woo-cart-weight allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cart Weight for WooCommerce: from n/a through <= 1.9.11. | ||||
| CVE-2025-53424 | 3 Vanquish, Woocommerce, Wordpress | 3 Woocommerce Orders Customers Exporter, Woocommerce, Wordpress | 2025-12-02 | 6.5 Medium |
| Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4. | ||||
| CVE-2025-64349 | 2 Elog, Elog Project | 2 Elog, Elog | 2025-12-02 | 8.8 High |
| ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration. | ||||
| CVE-2025-66114 | 3 Theme Funda, Woocommerce, Wordpress | 3 Show Variations As Single Products Woocommerce, Woocommerce, Wordpress | 2025-12-01 | 5.3 Medium |
| Missing Authorization vulnerability in theme funda Show Variations as Single Products Woocommerce woo-show-single-variations-shop-category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Show Variations as Single Products Woocommerce: from n/a through <= 2.0. | ||||
| CVE-2025-66108 | 1 Wordpress | 1 Wordpress | 2025-12-01 | 4.3 Medium |
| Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Toolbox: Web Performance tnc-toolbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TNC Toolbox: Web Performance: from n/a through <= 2.0.4. | ||||
| CVE-2025-66107 | 2 Scott Paterson, Wordpress | 2 Subscriptions & Memberships For Paypal, Wordpress | 2025-12-01 | 5.3 Medium |
| Missing Authorization vulnerability in Scott Paterson Subscriptions & Memberships for PayPal subscriptions-memberships-for-paypal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscriptions & Memberships for PayPal: from n/a through <= 1.1.7. | ||||