Total
347456 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68514 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Paid Member Subscriptions: from n/a through <= 2.16.8. | |||||
| CVE-2025-68029 | 2026-04-29 | N/A | 6.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3. | |||||
| CVE-2025-68016 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce: from n/a through <= 1.1.2. | |||||
| CVE-2025-67969 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1. | |||||
| CVE-2025-67956 | 2026-04-29 | N/A | 8.2 HIGH | ||
| Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.6. | |||||
| CVE-2025-63030 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3. | |||||
| CVE-2025-59575 | 2026-04-29 | N/A | 4.9 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | |||||
| CVE-2025-59003 | 2026-04-29 | N/A | 5.8 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in inkthemescom ColorWay colorway allows Retrieve Embedded Sensitive Data.This issue affects ColorWay: from n/a through <= 4.2.3. | |||||
| CVE-2025-58595 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-login allows Identity Spoofing.This issue affects All In One Login: from n/a through <= 2.0.8. | |||||
| CVE-2025-54743 | 2026-04-29 | N/A | 5.8 MEDIUM | ||
| Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through 2.1.5-2.1.6. | |||||
| CVE-2025-54008 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows Retrieve Embedded Sensitive Data.This issue affects JetSmartFilters: from n/a through <= 3.6.7. | |||||
| CVE-2025-53998 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Retrieve Embedded Sensitive Data.This issue affects JetWooBuilder: from n/a through <= 2.1.20. | |||||
| CVE-2025-53993 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetPopup jet-popup allows Retrieve Embedded Sensitive Data.This issue affects JetPopup: from n/a through <= 2.0.15. | |||||
| CVE-2025-53992 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTricks jet-tricks allows Retrieve Embedded Sensitive Data.This issue affects JetTricks: from n/a through <= 1.5.4.1. | |||||
| CVE-2025-53988 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data.This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18. | |||||
| CVE-2025-53987 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data.This issue affects JetMenu: from n/a through <= 2.4.11.1. | |||||
| CVE-2025-53985 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data.This issue affects JetTabs: from n/a through <= 2.2.9. | |||||
| CVE-2025-53983 | 2026-04-29 | N/A | 6.5 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetElements For Elementor jet-elements allows Retrieve Embedded Sensitive Data.This issue affects JetElements For Elementor: from n/a through <= 2.7.7. | |||||
| CVE-2025-53348 | 2026-04-29 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Laborator Kalium kalium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kalium: from n/a through <= 3.18.3. | |||||
| CVE-2025-53319 | 2026-04-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS.This issue affects Raptive Ads: from n/a through <= 3.8.0. | |||||