CVE-2025-67585 - WordPress Flexmls® IDX plugin <= 3.15.7 - Open Redirection vulnerability
CVE ID : CVE-2025-67585
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Phishing.This issue affects Flexmls® IDX: from n/a through <= 3.15.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67585
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Phishing.This issue affects Flexmls® IDX: from n/a through <= 3.15.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67586 - WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability
CVE ID : CVE-2025-67586
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through <= 5.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67586
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through <= 5.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67587 - WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability
CVE ID : CVE-2025-67587
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67587
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Phishing.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67588 - WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability
CVE ID : CVE-2025-67588
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67588
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67589 - WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 4.9.1 - Broken Access Control vulnerability
CVE ID : CVE-2025-67589
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67589
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips woocommerce-pdf-invoices-packing-slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through <= 4.9.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67590 - WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-67590
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67590
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67591 - WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-67591
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67591
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67592 - WordPress My Calendar plugin <= 3.6.16 - Broken Access Control vulnerability
CVE ID : CVE-2025-67592
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Calendar: from n/a through <= 3.6.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67592
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Calendar: from n/a through <= 3.6.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67593 - WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-67593
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67593
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67594 - WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability
CVE ID : CVE-2025-67594
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67594
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.3.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67595 - WordPress Quiz Maker plugin <= 6.7.0.82 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-67595
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67595
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker quiz-maker allows Cross Site Request Forgery.This issue affects Quiz Maker: from n/a through <= 6.7.0.82.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67596 - WordPress Business Directory plugin <= 6.4.19 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-67596
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67596
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Cross Site Request Forgery.This issue affects Business Directory: from n/a through <= 6.4.19.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67597 - WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability
CVE ID : CVE-2025-67597
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through <= 1.9.11.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67597
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking fluent-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Booking: from n/a through <= 1.9.11.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67598 - WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-67598
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67598
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins SupportCandy supportcandy allows Cross Site Request Forgery.This issue affects SupportCandy: from n/a through <= 3.4.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67599 - WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability
CVE ID : CVE-2025-67599
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through <= 2.1.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67599
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Missing Authorization vulnerability in WebToffee WebToffee eCommerce Marketing Automation decorator-woocommerce-email-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebToffee eCommerce Marketing Automation: from n/a through <= 2.1.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6923 - Reflected XSS in TalentSoft's UNIS
CVE ID : CVE-2025-6923
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software UNIS allows Reflected XSS.This issue affects UNIS: before 42957.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6923
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software UNIS allows Reflected XSS.This issue affects UNIS: before 42957.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6924 - Reflected XSS in TalentSoft's e-BAP
CVE ID : CVE-2025-6924
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS.This issue affects e-BAP Automation: before 42957.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6924
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TalentSoft Software e-BAP Automation allows Reflected XSS.This issue affects e-BAP Automation: before 42957.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9368 - 432ES-IG3 Series A Denial-of-Service Vulnerability
CVE ID : CVE-2025-9368
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9368
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : A security issue exists within 432ES-IG3 Series A, which affects GuardLink® EtherNet/IP Interface, resulting in denial-of-service. A manual power cycle is required to recover the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9638 - i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel
CVE ID : CVE-2025-9638
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9638
Published : Dec. 9, 2025, 4:18 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-23729 - WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Contributor+ reCAPTCHA Settings Change Vulnerability
CVE ID : CVE-2023-23729
Published : Dec. 9, 2025, 4:40 p.m. | 22 minutes ago
Description : Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-23729
Published : Dec. 9, 2025, 4:40 p.m. | 22 minutes ago
Description : Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-22675 - WordPress WP Fast Cache plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2023-22675
Published : Dec. 9, 2025, 4:41 p.m. | 22 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-22675
Published : Dec. 9, 2025, 4:41 p.m. | 22 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fast Cache allows Cross Site Request Forgery.This issue affects WP Fast Cache: from n/a through 1.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...