Tonec Inc. CVEs and Security Vulnerabilities

Search

Expected end of text, found '.' (at char 16), (line:1, col:17)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (328542 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-66083	1 Wordpress	1 Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 5.0.4.
CVE-2025-66082	1 Wordpress	1 Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through <= 5.0.4.
CVE-2025-66081	2 Jeff Starr, Wordpress	2 Head Meta Data, Wordpress	2026-01-20	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Head Meta Data head-meta-data allows Stored XSS.This issue affects Head Meta Data: from n/a through <= 20250327.
CVE-2025-66080	2 Wordpress, Wp Legal Pages	2 Wordpress, Wp Cookie Notice	2026-01-20	5.3 Medium
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 4.0.3.
CVE-2025-66079	2 Jegstudio, Wordpress	2 Gutenverse, Wordpress	2026-01-20	7.3 High
Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.2.0.
CVE-2025-66078	1 Wordpress	1 Wordpress	2026-01-20	9.1 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters Hotel Booking Lite motopress-hotel-booking-lite allows Remote Code Inclusion.This issue affects Hotel Booking Lite: from n/a through <= 5.2.3.
CVE-2025-66077	2 Wordpress, Wpwax	2 Wordpress, Legal Pages	2026-01-20	4.3 Medium
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Legal Pages: from n/a through <= 1.4.6.
CVE-2025-66075	2 Wordpress, Wp Legal Pages	2 Wordpress, Wp Cookie Notice	2026-01-20	4.2 Medium
Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through <= 4.0.3.
CVE-2025-66074	1 Wordpress	1 Wordpress	2026-01-20	9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal.This issue affects WP Webhooks: from n/a through <= 3.3.8.
CVE-2025-66073	1 Wordpress	1 Wordpress	2026-01-20	6.5 Medium
Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8.
CVE-2025-66072	1 Wordpress	1 Wordpress	2026-01-20	9.8 Critical
Missing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through <= 1.2.47.
CVE-2025-66071	2 Tychesoftwares, Wordpress	2 Custom Order Numbers For Woocommerce, Wordpress	2026-01-20	9.8 Critical
Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Order Numbers for WooCommerce: from n/a through <= 1.11.0.
CVE-2025-66070	1 Wordpress	1 Wordpress	2026-01-20	7.5 High
Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10.
CVE-2025-66069	3 Themeisle, Woocommerce, Wordpress	3 Ppom For Woocommerce, Woocommerce, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16.
CVE-2025-66068	2 Instawp, Wordpress	2 Instawp Connect, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9.
CVE-2025-66067	2 Funnelkit, Wordpress	2 Funnel Builder, Wordpress	2026-01-20	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2.
CVE-2025-66066	2 Envothemes, Wordpress	2 Envo Extra, Wordpress	2026-01-20	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through <= 1.9.11.
CVE-2025-66065	2 Jegstudio, Wordpress	2 Gutenverse, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.
CVE-2025-66064	2 Rafflepress, Wordpress	3 Giveaways And Contests, Giveaways And Contests By Rafflepress, Wordpress	2026-01-20	5.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20.
CVE-2025-66063	2 Jgwhite33, Wordpress	2 Wp Google Review Slider, Wordpress	2026-01-20	5.4 Medium
Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Google Review Slider: from n/a through <= 17.4.

« first previous Page 46 of 16428. next last »