Total
6215 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10648 | 1 Robocode | 1 Robocode | 2025-12-22 | N/A |
| Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | ||||
| CVE-2025-11587 | 1 Wordpress | 1 Wordpress | 2025-12-22 | 4.3 Medium |
| The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to link the plugin to their nowbuttons.com account and add malicious buttons to the site. The vulnerability is only exploitable on fresh installs where the plugin has not been previously configured with an API key. | ||||
| CVE-2025-64132 | 1 Jenkins | 2 Jenkins, Mcp Server | 2025-12-22 | 5.4 Medium |
| Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access. | ||||
| CVE-2025-11996 | 2 Toastwebsites, Wordpress | 2 Find Unused Images, Wordpress | 2025-12-22 | 5.3 Medium |
| The Find Unused Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the fui_delete_image() and fui_delete_all_images() functiosn in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to delete all of a site's attachments. | ||||
| CVE-2025-64273 | 2 Getresponse, Wordpress | 2 Getresponse, Wordpress | 2025-12-21 | 7.5 High |
| Missing Authorization vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email marketing for WordPress by GetResponse Official: from n/a through <= 1.5.3. | ||||
| CVE-2025-13754 | 2 Croixhaug, Wordpress | 2 Appointment Booking Calendar, Wordpress | 2025-12-21 | 5.3 Medium |
| The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at `/wp-json/ssa/v1/embed-inner-admin` without authentication, which leaks plugin settings including staff names, business names, and configuration data that are not publicly displayed on the booking form. This makes it possible for unauthenticated attackers to extract private business configuration. In premium versions with integrations configured, this might also expose other sensitive data including API keys for external services. | ||||
| CVE-2025-14455 | 2 Wordpress, Wpchill | 2 Wordpress, Image Photo Gallery Final Tiles Grid | 2025-12-21 | 5.4 Medium |
| The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.7. This is due to the plugin not properly verifying that a user is authorized to perform actions on gallery management functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete, modify, or clone galleries created by any user, including administrators. | ||||
| CVE-2025-12361 | 2 Saadiqbal, Wordpress | 2 Mycred, Wordpress | 2025-12-21 | 4.3 Medium |
| The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive information including user IDs, display names, and email addresses of all users on the site via the get_bank_accounts AJAX action. Passwords are not exposed. | ||||
| CVE-2025-12377 | 2 Smub, Wordpress | 2 Gallery Plugin For Wordpress, Wordpress | 2025-12-19 | 4.3 Medium |
| The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0. | ||||
| CVE-2025-7047 | 1 Utarit | 1 Soliclub | 2025-12-19 | 4.3 Medium |
| Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.This issue affects SoliClub: before 5.3.7. | ||||
| CVE-2025-63002 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 5.3 Medium |
| Missing Authorization vulnerability in wpforchurch Sermon Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sermon Manager: from n/a through 2.30.0. | ||||
| CVE-2025-62960 | 2 Sparkle Wp, Wordpress | 2 Construction Light, Wordpress | 2025-12-19 | 5.4 Medium |
| Missing Authorization vulnerability in Sparkle WP Construction Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Light: from n/a through 1.6.7. | ||||
| CVE-2025-62961 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 5.4 Medium |
| Missing Authorization vulnerability in Sparkle WP Sparkle FSE allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through 1.0.9. | ||||
| CVE-2025-66058 | 2 Pickplugins, Wordpress | 2 Post Grid, Wordpress | 2025-12-19 | 6.5 Medium |
| Missing Authorization vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.17. | ||||
| CVE-2025-40602 | 1 Sonicwall | 10 Sma1000, Sma6200, Sma6200 Firmware and 7 more | 2025-12-19 | 6.6 Medium |
| A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | ||||
| CVE-2025-54751 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2025-12-19 | 7.1 High |
| Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 4.1.36. | ||||
| CVE-2025-49041 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 6.5 Medium |
| Missing Authorization vulnerability in The African Boss Get Cash get-cash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Get Cash: from n/a through <= 3.2.3. | ||||
| CVE-2025-58877 | 2 Javothemes, Wordpress | 2 Javo Core, Wordpress | 2025-12-19 | 7.5 High |
| Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529. | ||||
| CVE-2025-49902 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 6.5 Medium |
| Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page, Custom Design: from n/a through <= 2.1.1. | ||||
| CVE-2025-54741 | 1 Wordpress | 1 Wordpress | 2025-12-19 | 8.6 High |
| Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Blank: from n/a through <= 1.2.0. | ||||