CVE-2025-64376 - WordPress ListingPro theme < 2.9.10 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64376
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through < 2.9.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64376
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through < 2.9.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64377 - WordPress ListingPro theme < 2.9.10 - Local File Inclusion vulnerability
CVE ID : CVE-2025-64377
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through < 2.9.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64377
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through < 2.9.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64378 - WordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerability
CVE ID : CVE-2025-64378
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64378
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through < 2.9.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66054 - WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability
CVE ID : CVE-2025-66054
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66054
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66068 - WordPress InstaWP Connect plugin <= 0.1.1.9 - Broken Access Control vulnerability
CVE ID : CVE-2025-66068
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66068
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66070 - WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability
CVE ID : CVE-2025-66070
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66070
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66074 - WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability
CVE ID : CVE-2025-66074
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66074
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66078 - WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability
CVE ID : CVE-2025-66078
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66078
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66088 - WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability
CVE ID : CVE-2025-66088
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66088
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Property Hive PropertyHive propertyhive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through <= 2.1.12.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66100 - WordPress RestroPress plugin <= 3.2.3.5 - Broken Access Control vulnerability
CVE ID : CVE-2025-66100
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.3.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66100
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3.2.3.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66102 - WordPress FV Antispam plugin <= 2.7 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-66102
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66102
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66104 - WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.9.5 - Broken Access Control vulnerability
CVE ID : CVE-2025-66104
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through <= 1.9.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66104
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through <= 1.9.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66116 - WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability
CVE ID : CVE-2025-66116
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66116
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66117 - WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability
CVE ID : CVE-2025-66117
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66117
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66118 - WordPress Sprout Clients plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-66118
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66118
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66119 - WordPress Hostel plugin <= 1.1.5.9 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-66119
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66119
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-67546 - WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability
CVE ID : CVE-2025-67546
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-67546
Published : Dec. 18, 2025, 7:22 a.m. | 49 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14318 - Improper access validation in M-Files Server
CVE ID : CVE-2025-14318
Published : Dec. 18, 2025, 7:32 a.m. | 39 minutes ago
Description : Improper access checks in M-Files Server before 25.12 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-14318
Published : Dec. 18, 2025, 7:32 a.m. | 39 minutes ago
Description : Improper access checks in M-Files Server before 25.12 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6324 - WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-6324
Published : Dec. 18, 2025, 8:16 a.m. | 1 hour, 57 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through <= 2.0.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6324
Published : Dec. 18, 2025, 8:16 a.m. | 1 hour, 57 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Easy Invoice easy-invoice allows DOM-Based XSS.This issue affects Easy Invoice: from n/a through <= 2.0.9.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6326 - WordPress Inset theme <= 1.18.0 - Local File Inclusion Vulnerability
CVE ID : CVE-2025-6326
Published : Dec. 18, 2025, 8:16 a.m. | 1 hour, 57 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue affects Inset: from n/a through <= 1.18.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6326
Published : Dec. 18, 2025, 8:16 a.m. | 1 hour, 57 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue affects Inset: from n/a through <= 1.18.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64997 - Insufficient permission validation when showing agent information
CVE ID : CVE-2025-64997
Published : Dec. 18, 2025, 9:11 a.m. | 1 hour, 2 minutes ago
Description : Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64997
Published : Dec. 18, 2025, 9:11 a.m. | 1 hour, 2 minutes ago
Description : Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...