CVEs

31,844 total · page 191 of 637

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-69035	WordPress Dentalcare Cpt	Hig	0.57	8.8	0.00	Jan 22, 2026	Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.
CVE-2025-69005	Elated-Themes Search & Go	Hig	0.53	8.1	0.00	Jan 22, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This issue affects Search & Go: from n/a through <= 2.8.
CVE-2025-69004	XpeedStudio Bajaar	Hig	0.53	8.1	0.00	Jan 22, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable…
CVE-2025-69003	Qantumthemes Qt Kentharadio	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0.
CVE-2025-69002	designthemes OneLife	Hig	0.57	8.8	0.00	Jan 22, 2026	Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9.
CVE-2025-68999	Leevio Happy Addons For Elementor	Hig	0.55	8.5	0.00	Jan 22, 2026	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4.
CVE-2025-68913	zozothemes Miion	Hig	0.49	7.5	0.00	Jan 22, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through <= 1.2.7.
CVE-2025-68912	WordPress Hdforms	Hig	0.56	8.6	0.01	Jan 22, 2026	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1.
CVE-2025-68908	temash Barberry	Hig	0.53	8.1	0.00	Jan 22, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in temash Barberry barberry allows PHP Local File Inclusion.This issue affects Barberry: from n/a through <= 2.9.9.87.
CVE-2025-68907	AivahThemes Hostme v2	Hig	0.49	7.5	0.00	Jan 22, 2026	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7.0.
CVE-2025-68906	WordPress Jnews Video	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2.
CVE-2025-68905	WordPress Jnews Pay Writer	Hig	0.49	7.5	0.00	Jan 22, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through <= 11.0.0.
CVE-2025-68904	WordPress Jnews Frontend Submit	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.
CVE-2025-68903	AivahThemes Anona	Hig	0.57	8.8	0.00	Jan 22, 2026	Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0.
CVE-2025-68902	AivahThemes Anona	Hig	0.49	7.5	0.00	Jan 22, 2026	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.
CVE-2025-68901	AivahThemes Anona	Hig	0.56	8.6	0.00	Jan 22, 2026	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.
CVE-2025-68899	designthemes Vivagh	Hig	0.57	8.8	0.00	Jan 22, 2026	Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.
CVE-2025-68894	shoutoutglobal ShoutOut	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2.
CVE-2025-68884	WordPress Wp Simple Redirect	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1.
CVE-2025-68883	extremeidea bidorbuy Store Integrator	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0.
CVE-2025-68882	WordPress Scalenut	Hig	0.49	7.5	0.00	Jan 22, 2026	Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.5.
CVE-2025-68881	WordPress Appexperts	Hig	0.55	8.5	0.00	Jan 22, 2026	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal AppExperts appexperts allows SQL Injection.This issue affects AppExperts: from n/a through <= 1.4.5.
CVE-2025-68871	noCreativity Dooodl	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3.0.
CVE-2025-68866	woofer696 Dinatur	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18.
CVE-2025-68864	Infility Infility Global	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through <= 2.15.11.
CVE-2025-68859	WordPress Syntax Highlighter Compress	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through <= 3.0.83.3.
CVE-2025-68858	WordPress Wpcas	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07.
CVE-2025-68849	WordPress Quote Master	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS.This issue affects Quote Master: from n/a through <= 7.1.1.
CVE-2025-68839	Remi Corson Easy Theme Options	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.
CVE-2025-68838	WordPress Expresstechsoftwares Memberpress Discord Add On	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through…
CVE-2025-68835	Matiskiba Ravpage	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.
CVE-2025-68538	Craftcms Craft CMS	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through <= 2.3.6.
CVE-2025-68520	Themegoods DotLife	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through < 4.9.5.
CVE-2025-68518	Themegoods Hoteller	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < 6.8.9.
CVE-2025-68510	Themegoods Photography	Hig	0.53	8.1	0.00	Jan 22, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through < 7.7.5.
CVE-2025-68059	WordPress Hotel Listing	Hig	0.49	7.6	0.00	Jan 22, 2026	Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
CVE-2025-68058	WordPress Institutions Directory	Hig	0.49	7.6	0.00	Jan 22, 2026	Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.
CVE-2025-68057	WordPress Hospital Doctor Directory	Hig	0.49	7.6	0.00	Jan 22, 2026	Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-68047	Themewinter Eventin	Hig	0.57	8.8	0.00	Jan 22, 2026	Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.1.3.
CVE-2025-68041	codisto Omnichannel for WooCommerce	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through <= 1.3.65.
CVE-2025-68035	WordPress Tabby Checkout	Hig	0.49	7.5	0.00	Jan 22, 2026	Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4.
CVE-2025-68030	WordPress Frontis Blocks	Hig	0.47	7.2	0.00	Jan 22, 2026	Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5.
CVE-2025-68027	WordPress Hydra Booking	Hig	0.47	7.3	0.00	Jan 22, 2026	Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32.
CVE-2025-68017	WordPress Antideo Email Validator	Hig	0.49	7.5	0.00	Jan 22, 2026	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10.
CVE-2025-68012	Dmytro Shteflyuk CodeColorer	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through <= 0.10.1.
CVE-2025-68011	GLS GLS Shipping for WooCommerce	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0.
CVE-2025-68010	Netgsm Netgsm	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63.
CVE-2025-68008	Filemanagerpro WP Mail	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.
CVE-2025-68004	Kapil Chugh My Post Order	Hig	0.46	7.1	0.00	Jan 22, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through <= 1.2.1.1.
CVE-2025-67967	WordPress Lawyer Directory	Hig	0.49	7.6	0.00	Jan 22, 2026	Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.

CVE-2025-69035HigJan 22, 2026
WordPress
Dentalcare Cpt
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.
CVE-2025-69005HigJan 22, 2026
Elated-Themes
Search & Go
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This issue affects Search & Go: from n/a through <= 2.8.
CVE-2025-69004HigJan 22, 2026
XpeedStudio
Bajaar
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable…
CVE-2025-69003HigJan 22, 2026
Qantumthemes
Qt Kentharadio
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0.
CVE-2025-69002HigJan 22, 2026
designthemes
OneLife
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9.
CVE-2025-68999HigJan 22, 2026
Leevio
Happy Addons For Elementor
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4.
CVE-2025-68913HigJan 22, 2026
zozothemes
Miion
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through <= 1.2.7.
CVE-2025-68912HigJan 22, 2026
WordPress
Hdforms
risk 0.56cvss 8.6epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1.
CVE-2025-68908HigJan 22, 2026
temash
Barberry
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in temash Barberry barberry allows PHP Local File Inclusion.This issue affects Barberry: from n/a through <= 2.9.9.87.
CVE-2025-68907HigJan 22, 2026
AivahThemes
Hostme v2
risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7.0.
CVE-2025-68906HigJan 22, 2026
WordPress
Jnews Video
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2.
CVE-2025-68905HigJan 22, 2026
WordPress
Jnews Pay Writer
risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through <= 11.0.0.
CVE-2025-68904HigJan 22, 2026
WordPress
Jnews Frontend Submit
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.
CVE-2025-68903HigJan 22, 2026
AivahThemes
Anona
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0.
CVE-2025-68902HigJan 22, 2026
AivahThemes
Anona
risk 0.49cvss 7.5epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.
CVE-2025-68901HigJan 22, 2026
AivahThemes
Anona
risk 0.56cvss 8.6epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.
CVE-2025-68899HigJan 22, 2026
designthemes
Vivagh
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.
CVE-2025-68894HigJan 22, 2026
shoutoutglobal
ShoutOut
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2.
CVE-2025-68884HigJan 22, 2026
WordPress
Wp Simple Redirect
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1.
CVE-2025-68883HigJan 22, 2026
extremeidea
bidorbuy Store Integrator
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0.
CVE-2025-68882HigJan 22, 2026
WordPress
Scalenut
risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.5.
CVE-2025-68881HigJan 22, 2026
WordPress
Appexperts
risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal AppExperts appexperts allows SQL Injection.This issue affects AppExperts: from n/a through <= 1.4.5.
CVE-2025-68871HigJan 22, 2026
noCreativity
Dooodl
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noCreativity Dooodl dooodl allows Reflected XSS.This issue affects Dooodl: from n/a through <= 2.3.0.
CVE-2025-68866HigJan 22, 2026
woofer696
Dinatur
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofer696 Dinatur dinatur allows Stored XSS.This issue affects Dinatur: from n/a through <= 1.18.
CVE-2025-68864HigJan 22, 2026
Infility
Infility Global
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: from n/a through <= 2.15.11.
CVE-2025-68859HigJan 22, 2026
WordPress
Syntax Highlighter Compress
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through <= 3.0.83.3.
CVE-2025-68858HigJan 22, 2026
WordPress
Wpcas
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07.
CVE-2025-68849HigJan 22, 2026
WordPress
Quote Master
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS.This issue affects Quote Master: from n/a through <= 7.1.1.
CVE-2025-68839HigJan 22, 2026
Remi Corson
Easy Theme Options
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.
CVE-2025-68838HigJan 22, 2026
WordPress
Expresstechsoftwares Memberpress Discord Add On
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through…
CVE-2025-68835HigJan 22, 2026
Matiskiba
Ravpage
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.
CVE-2025-68538HigJan 22, 2026
Craftcms
Craft CMS
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through <= 2.3.6.
CVE-2025-68520HigJan 22, 2026
Themegoods
DotLife
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods DotLife dotlife allows Reflected XSS.This issue affects DotLife: from n/a through < 4.9.5.
CVE-2025-68518HigJan 22, 2026
Themegoods
Hoteller
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through < 6.8.9.
CVE-2025-68510HigJan 22, 2026
Themegoods
Photography
risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through < 7.7.5.
CVE-2025-68059HigJan 22, 2026
WordPress
Hotel Listing
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.
CVE-2025-68058HigJan 22, 2026
WordPress
Institutions Directory
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4.
CVE-2025-68057HigJan 22, 2026
WordPress
Hospital Doctor Directory
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVE-2025-68047HigJan 22, 2026
Themewinter
Eventin
risk 0.57cvss 8.8epss 0.00
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.1.3.
CVE-2025-68041HigJan 22, 2026
codisto
Omnichannel for WooCommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through <= 1.3.65.
CVE-2025-68035HigJan 22, 2026
WordPress
Tabby Checkout
risk 0.49cvss 7.5epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through <= 5.8.4.
CVE-2025-68030HigJan 22, 2026
WordPress
Frontis Blocks
risk 0.47cvss 7.2epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through <= 1.1.5.
CVE-2025-68027HigJan 22, 2026
WordPress
Hydra Booking
risk 0.47cvss 7.3epss 0.00
Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32.
CVE-2025-68017HigJan 22, 2026
WordPress
Antideo Email Validator
risk 0.49cvss 7.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10.
CVE-2025-68012HigJan 22, 2026
Dmytro Shteflyuk
CodeColorer
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through <= 0.10.1.
CVE-2025-68011HigJan 22, 2026
GLS
GLS Shipping for WooCommerce
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from n/a through <= 1.4.0.
CVE-2025-68010HigJan 22, 2026
Netgsm
Netgsm
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through <= 2.9.63.
CVE-2025-68008HigJan 22, 2026
Filemanagerpro
WP Mail
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.
CVE-2025-68004HigJan 22, 2026
Kapil Chugh
My Post Order
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a through <= 1.2.1.1.
CVE-2025-67967HigJan 22, 2026
WordPress
Lawyer Directory
risk 0.49cvss 7.6epss 0.00
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.3.