CVE-2025-59567 - WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability
CVE ID : CVE-2025-59567
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.8.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59565 - WordPress Upsell Order Bump Offer for WooCommerce Plugin <= 3.0.7 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-59565
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce allows Stored XSS. This issue affects Upsell Order Bump Offer for WooCommerce: from n/a through 3.0.7.
Severity: 6.5 | MEDIUM
CVE-2025-59562 - WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability
CVE ID : CVE-2025-59562
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4.
Severity: 5.5 | MEDIUM
CVE-2025-59561 - WordPress Smart Blocks Plugin <= 2.4 - Broken Access Control Vulnerability
CVE ID : CVE-2025-59561
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in hashthemes Smart Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through 2.4.
Severity: 4.3 | MEDIUM
CVE-2025-59559 - WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability
CVE ID : CVE-2025-59559
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payrexx Payment Gateway for WooCommerce: from n/a through 3.1.5.
Severity: 4.3 | MEDIUM
CVE-2025-59553 - WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-59553
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coderz Studio Custom iFrame for Elementor allows DOM-Based XSS. This issue affects Custom iFrame for Elementor: from n/a through 1.0.13.
Severity: 6.5 | MEDIUM
CVE-2025-59552 - WordPress Save as PDF Plugin <= 4.5.2 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-59552
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF allows Stored XSS. This issue affects Save as PDF: from n/a through 4.5.2.
Severity: 6.5 | MEDIUM
CVE-2025-59551 - WordPress Revive.so Plugin <= 2.0.6 - Broken Access Control Vulnerability
CVE ID : CVE-2025-59551
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in WP Chill Revive.so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through 2.0.6.
Severity: 4.3 | MEDIUM
CVE-2025-59549 - WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-59549
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0.
Severity: 6.5 | MEDIUM
CVE-2025-58992 - WordPress Product Catalog Simple Plugin <= 1.8.2 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-58992
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through 1.8.2.
Severity: 6.5 | MEDIUM
CVE-2025-58974 - WordPress WPComplete Plugin <= 2.9.5.2 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-58974
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.2.
Severity: 6.5 | MEDIUM
CVE-2025-58973 - WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability
CVE ID : CVE-2025-58973
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Addons allows PHP Local File Inclusion. This issue affects Easy Elementor Addons: from n/a through 2.2.8.
Severity: 7.5 | HIGH
CVE-2025-58969 - WordPress Custom Login URL Plugin <= 1.0.2 - Broken Access Control Vulnerability
CVE ID : CVE-2025-58969
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Greg Winiarski Custom Login URL allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login URL: from n/a through 1.0.2.
Severity: 5.3 | MEDIUM
CVE-2025-58968 - WordPress MaxiBlocks Plugin <= 2.1.3 - Broken Access Control Vulnerability
CVE ID : CVE-2025-58968
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a through 2.1.3.
Severity: 5.0 | MEDIUM
CVE-2025-58965 - WordPress Fusion Page Builder : Extension – Gallery Plugin <= 1.7.6 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-58965
Published : Sept. 22, 2025, 6:26 p.m. | 56 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery allows Stored XSS. This issue affects Fusion Page Builder : Extension – Gallery: from n/a through 1.7.6.
Severity: 6.5 | MEDIUM
CVE-2025-58962 - WordPress Publitio Plugin <= 2.2.1 - Server Side Request Forgery (SSRF) Vulnerability
CVE ID : CVE-2025-58962
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through 2.2.1.
Severity: 6.4 | MEDIUM
CVE-2025-58960 - WordPress IP Based Login Plugin <= 2.4.3 - Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-58960
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.3.
Severity: 5.9 | MEDIUM
CVE-2025-58957 - WordPress VPSUForm Plugin <= 3.2.20 - Broken Access Control Vulnerability
CVE ID : CVE-2025-58957
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Missing Authorization vulnerability in Vikas Ratudi VPSUForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through 3.2.20.
Severity: 4.3 | MEDIUM
CVE-2025-58956 - WordPress WP Attractive Donations System Plugin < 1.29 - Cross Site Request Forgery (CSRF) Vulnerability
CVE ID : CVE-2025-58956
Published : Sept. 22, 2025, 6:26 p.m. | 55 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System allows Stored XSS. This issue affects WP Attractive Donations System: from n/a through n/a.
Severity: 7.1 | HIGH
CVE-2025-10810 - Campcodes Online Learning Management System edit_user.php SQL Injection
CVE ID : CVE-2025-10810
Published : Sept. 22, 2025, 6:32 p.m. | 50 minutes ago
Description : A vulnerability was detected in Campcodes Online Learning Management System 1.0. The impacted element is an unknown function of the file /admin/edit_user.php. Manipulating the argument firstname results in SQL injection. The attack can be carried out remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
CVE-2025-9960 - is-localhost-ip 2.0.0 - SSRF via Restrictions bypass
CVE ID : CVE-2025-9960
Published : Sept. 22, 2025, 6:35 p.m. | 46 minutes ago
Description : A restriction bypass vulnerability in is-localhost-ip could allow attackers to perform Server-Side Request Forgery (SSRF). This issue affects is-localhost-ip: 2.0.0.
Severity: 6.9 | MEDIUM