CVEs

28,755 total · page 118 of 576

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-69375	SolverWp Portfolio Builder	Hig	0.53	8.1	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5.
CVE-2025-69374	SolverWp Eleblog – Elementor Blog And Magazine Addons	Hig	0.53	8.1	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through <= 2.0.3.
CVE-2025-69373	beeteam368 VidoRev	Hig	0.49	7.5	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7.
CVE-2025-69368	—	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through <= 3.0.3.
CVE-2025-69367	—	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through <= 4.4.3.
CVE-2025-69330	Zyxel Prestige	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through < 1.4.1.
CVE-2025-69328	Magepeople inc. Booking and Rental Manager	Hig	0.57	8.8	0.00	Feb 20, 2026	Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.9.
CVE-2025-69326	Basixonline Nex Forms	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through <= 9.1.7.
CVE-2025-69324	Basixonline Nex Forms	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.1.7.
CVE-2025-69323	Wp Slimstat Slimstat Analytics	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2.
CVE-2025-69322	—	Hig	0.53	8.1	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through < 1.5.9.
CVE-2025-69303	modeltheme ModelTheme Framework	Hig	0.49	7.5	0.00	Feb 20, 2026	Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framework: from n/a through < 2.0.0.
CVE-2025-69302	WordPress Designthemes Core Features	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core Features designthemes-core-features allows Reflected XSS.This issue affects DesignThemes Core Features: from n/a through <= 2.3.
CVE-2025-69299	Soflyy Oxygen	Hig	0.47	7.2	0.00	Feb 20, 2026	Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8.
CVE-2025-69298	GhostPool Gauge	Hig	0.49	7.5	0.00	Feb 20, 2026	Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4.
CVE-2025-69297	GhostPool Aardvark Plugin	Hig	0.49	7.5	0.00	Feb 20, 2026	Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19.
CVE-2025-69296	GhostPool Aardvark Plugin	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through <= 4.6.3.
CVE-2025-69294	fuelthemes PeakShops	Hig	0.57	8.8	0.00	Feb 20, 2026	Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through <= 1.5.9.
CVE-2025-69063	Wpexperts New User Approve	Hig	0.56	8.6	0.00	Feb 20, 2026	Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0.
CVE-2025-68880	WordPress Simple Archive Generator	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Reflected XSS.This issue affects Simple Archive Generator: from n/a through <= 5.2.
CVE-2025-68863	Zack Katz iContact for Gravity Forms	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through <= 1.3.2.
CVE-2025-68862	Murtaza Bhurgri Woo File Dropzone	Hig	0.50	7.7	0.00	Feb 20, 2026	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal.This issue affects Woo File Dropzone: from n/a through <= 1.1.7.
CVE-2025-68856	Mopinion Mopinion Feedback Form	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeswolters Mopinion Feedback Form mopinion-feedback-form allows DOM-Based XSS.This issue affects Mopinion Feedback Form: from n/a through <= 1.1.1.
CVE-2025-68854	—	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through <= 2.1.2.
CVE-2025-68853	Ocean12 Technologies Contact Manager	Hig	0.57	8.8	0.00	Feb 20, 2026	Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1.
CVE-2025-68852	webmuehle Court Reservation	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.13.
CVE-2025-68848	Anmari amr cron manager	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr cron manager amr-cron-manager allows Reflected XSS.This issue affects amr cron manager: from n/a through <= 2.3.
CVE-2025-68847	itex iSape isape	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through <= 0.72.
CVE-2025-68846	Paris Holley Asynchronous Javascript	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through <= 1.3.5.
CVE-2025-68845	aThemeArt Translations eDS Responsive Menu	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Reflected XSS.This issue affects eDS Responsive Menu: from n/a through <= 1.2.
CVE-2025-68844	DaleAB Membee Login	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through <= 2.3.6.
CVE-2025-68843	Bas Schuiling FeedWordPress Advanced Filters	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Schuiling FeedWordPress Advanced Filters faf allows Reflected XSS.This issue affects FeedWordPress Advanced Filters: from n/a through <= 0.6.2.
CVE-2025-68842	totalbounty Widget Logic Visual	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through <= 1.52.
CVE-2025-68841	Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder	Hig	0.49	7.5	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder topper-pack allows PHP Local File Inclusion.This issue affects TopperPack – Complete Elementor Addons, Theme & CPT Builder: from n/a through <= 1.2.1.
CVE-2025-68834	Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce	Hig	0.49	7.5	0.00	Feb 20, 2026	Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.
CVE-2025-68552	Webcodingplace WooCommerce Coming Soon Product with Countdown	Hig	0.49	7.5	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows PHP Local File Inclusion.This issue affects WooCommerce Coming Soon Product with Countdown: from n/a through <= 5.0.
CVE-2025-68545	thembay Nika	Hig	0.53	8.1	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.
CVE-2025-68543	—	Hig	0.53	8.1	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15.
CVE-2025-68539	WordPress Fana	Hig	0.53	8.1	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35.
CVE-2025-68536	thembay Zota	Hig	0.53	8.1	0.00	Feb 20, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.
CVE-2025-68531	modeltheme ModelTheme Addons for WPBakery and Elementor	Hig	0.57	8.8	0.00	Feb 20, 2026	Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6.
CVE-2025-68526	A WP Life Modal Popup Box	Hig	0.57	8.8	0.00	Feb 20, 2026	Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.
CVE-2025-68501	Mollie Mollie Payments For Woocommerce	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.1.1.
CVE-2025-68495	WordPress Jetengine	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.
CVE-2025-68069	Wpwax Directorist	Hig	0.46	7.1	0.00	Feb 20, 2026	Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6.
CVE-2025-68051	Shiprocket Shiprocket	Hig	0.49	7.5	0.00	Feb 20, 2026	Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8.
CVE-2025-68048	Xlplugins Nextmove	Hig	0.49	7.5	0.00	Feb 20, 2026	Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.
CVE-2025-68043	LottieFiles LottieFiles	Hig	0.48	7.3	0.02	Feb 20, 2026	Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.
CVE-2025-68037	Atlasgondal Export Media URLs	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Media URLs: from n/a through <= 2.2.
CVE-2025-68031	farazsms farazsms	Hig	0.46	7.1	0.00	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3.

CVE-2025-69375HigFeb 20, 2026
SolverWp
Portfolio Builder
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5.
CVE-2025-69374HigFeb 20, 2026
SolverWp
Eleblog – Elementor Blog And Magazine Addons
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through <= 2.0.3.
CVE-2025-69373HigFeb 20, 2026
beeteam368
VidoRev
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7.
CVE-2025-69368HigFeb 20, 2026
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through <= 3.0.3.
CVE-2025-69367HigFeb 20, 2026
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through <= 4.4.3.
CVE-2025-69330HigFeb 20, 2026
Zyxel
Prestige
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through < 1.4.1.
CVE-2025-69328HigFeb 20, 2026
Magepeople inc.
Booking and Rental Manager
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.9.
CVE-2025-69326HigFeb 20, 2026
Basixonline
Nex Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through <= 9.1.7.
CVE-2025-69324HigFeb 20, 2026
Basixonline
Nex Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through <= 9.1.7.
CVE-2025-69323HigFeb 20, 2026
Wp Slimstat
Slimstat Analytics
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs Slimstat Analytics wp-slimstat allows Reflected XSS.This issue affects Slimstat Analytics: from n/a through <= 5.3.2.
CVE-2025-69322HigFeb 20, 2026
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through < 1.5.9.
CVE-2025-69303HigFeb 20, 2026
modeltheme
ModelTheme Framework
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framework: from n/a through < 2.0.0.
CVE-2025-69302HigFeb 20, 2026
WordPress
Designthemes Core Features
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core Features designthemes-core-features allows Reflected XSS.This issue affects DesignThemes Core Features: from n/a through <= 2.3.
CVE-2025-69299HigFeb 20, 2026
Soflyy
Oxygen
risk 0.47cvss 7.2epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8.
CVE-2025-69298HigFeb 20, 2026
GhostPool
Gauge
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4.
CVE-2025-69297HigFeb 20, 2026
GhostPool
Aardvark Plugin
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19.
CVE-2025-69296HigFeb 20, 2026
GhostPool
Aardvark Plugin
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through <= 4.6.3.
CVE-2025-69294HigFeb 20, 2026
fuelthemes
PeakShops
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through <= 1.5.9.
CVE-2025-69063HigFeb 20, 2026
Wpexperts
New User Approve
risk 0.56cvss 8.6epss 0.00
Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0.
CVE-2025-68880HigFeb 20, 2026
WordPress
Simple Archive Generator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Reflected XSS.This issue affects Simple Archive Generator: from n/a through <= 5.2.
CVE-2025-68863HigFeb 20, 2026
Zack Katz
iContact for Gravity Forms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affects iContact for Gravity Forms: from n/a through <= 1.3.2.
CVE-2025-68862HigFeb 20, 2026
Murtaza Bhurgri
Woo File Dropzone
risk 0.50cvss 7.7epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal.This issue affects Woo File Dropzone: from n/a through <= 1.1.7.
CVE-2025-68856HigFeb 20, 2026
Mopinion
Mopinion Feedback Form
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeswolters Mopinion Feedback Form mopinion-feedback-form allows DOM-Based XSS.This issue affects Mopinion Feedback Form: from n/a through <= 1.1.1.
CVE-2025-68854HigFeb 20, 2026
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through <= 2.1.2.
CVE-2025-68853HigFeb 20, 2026
Ocean12 Technologies
Contact Manager
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1.
CVE-2025-68852HigFeb 20, 2026
webmuehle
Court Reservation
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.13.
CVE-2025-68848HigFeb 20, 2026
Anmari
amr cron manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr cron manager amr-cron-manager allows Reflected XSS.This issue affects amr cron manager: from n/a through <= 2.3.
CVE-2025-68847HigFeb 20, 2026
itex iSape
isape
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through <= 0.72.
CVE-2025-68846HigFeb 20, 2026
Paris Holley
Asynchronous Javascript
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paris Holley Asynchronous Javascript asynchronous-javascript allows Reflected XSS.This issue affects Asynchronous Javascript: from n/a through <= 1.3.5.
CVE-2025-68845HigFeb 20, 2026
aThemeArt
Translations eDS Responsive Menu
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Reflected XSS.This issue affects eDS Responsive Menu: from n/a through <= 1.2.
CVE-2025-68844HigFeb 20, 2026
DaleAB
Membee Login
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DaleAB Membee Login membees-member-login-widget allows Reflected XSS.This issue affects Membee Login: from n/a through <= 2.3.6.
CVE-2025-68843HigFeb 20, 2026
Bas Schuiling
FeedWordPress Advanced Filters
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Schuiling FeedWordPress Advanced Filters faf allows Reflected XSS.This issue affects FeedWordPress Advanced Filters: from n/a through <= 0.6.2.
CVE-2025-68842HigFeb 20, 2026
totalbounty
Widget Logic Visual
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalbounty Widget Logic Visual widget-logic-visual allows Reflected XSS.This issue affects Widget Logic Visual: from n/a through <= 1.52.
CVE-2025-68841HigFeb 20, 2026
Themepul
TopperPack – Complete Elementor Addons, Theme & CPT Builder
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder topper-pack allows PHP Local File Inclusion.This issue affects TopperPack – Complete Elementor Addons, Theme & CPT Builder: from n/a through <= 1.2.1.
CVE-2025-68834HigFeb 20, 2026
Saiful Islam
Sync Master Sheet – Product Sync with Google Sheet for WooCommerce
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Saiful Islam Sync Master Sheet – Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet – Product Sync with Google Sheet for WooCommerce: from n/a through <= 1.1.3.
CVE-2025-68552HigFeb 20, 2026
Webcodingplace
WooCommerce Coming Soon Product with Countdown
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows PHP Local File Inclusion.This issue affects WooCommerce Coming Soon Product with Countdown: from n/a through <= 5.0.
CVE-2025-68545HigFeb 20, 2026
thembay
Nika
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.
CVE-2025-68543HigFeb 20, 2026
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15.
CVE-2025-68539HigFeb 20, 2026
WordPress
Fana
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35.
CVE-2025-68536HigFeb 20, 2026
thembay
Zota
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.
CVE-2025-68531HigFeb 20, 2026
modeltheme
ModelTheme Addons for WPBakery and Elementor
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6.
CVE-2025-68526HigFeb 20, 2026
A WP Life
Modal Popup Box
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.
CVE-2025-68501HigFeb 20, 2026
Mollie
Mollie Payments For Woocommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.1.1.
CVE-2025-68495HigFeb 20, 2026
WordPress
Jetengine
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through <= 3.8.0.
CVE-2025-68069HigFeb 20, 2026
Wpwax
Directorist
risk 0.46cvss 7.1epss 0.00
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.6.6.
CVE-2025-68051HigFeb 20, 2026
Shiprocket
Shiprocket
risk 0.49cvss 7.5epss 0.00
Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8.
CVE-2025-68048HigFeb 20, 2026
Xlplugins
Nextmove
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.
CVE-2025-68043HigFeb 20, 2026
LottieFiles
LottieFiles
risk 0.48cvss 7.3epss 0.02
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.
CVE-2025-68037HigFeb 20, 2026
Atlasgondal
Export Media URLs
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Media URLs: from n/a through <= 2.2.
CVE-2025-68031HigFeb 20, 2026
farazsms
farazsms
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through <= 2.7.3.