快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352190
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2023-25445 |
WordPress HappyFiles Pro plugin <= 1.8.1 - Broken Access Control vulnerability
|
MEDIUM | 5.4 | 2025-12-21 |
HappyFiles HappyFiles Pro
|
CVE NVD | |
| CVE-2023-25068 |
WordPress Magazine Edge theme <= 1.13 - Authenticated Arbitrary Plugin Activation
|
MEDIUM | 4.3 | 2025-12-20 |
Mapro Collins Magazine Edge
|
CVE NVD | |
| CVE-2025-14989 |
Campcodes Complete Online Beauty Parlor Management System search-invoices.php sql injection
|
MEDIUM | 6.9 | 2025-12-20 |
Campcodes Complete Online Beauty Parlor Management System
campcodes complete_online_beauty_parlor_management_system
|
CVE NVD | |
| CVE-2025-34290 |
Versa SASE Client for Windows 安全漏洞
|
HIGH | 8.5 | 2025-12-20 |
Versa Networks SASE Client for Windows
|
CVE NVD +1 | |
| CVE-2025-7782 |
WP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status'
|
HIGH | 7.6 | 2025-12-20 |
未知
|
CVE NVD | |
| CVE-2025-7733 |
WP JobHunt <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference
|
MEDIUM | 4.3 | 2025-12-20 |
未知
|
CVE NVD | |
| CVE-2025-14298 |
FiboSearch – Ajax Search for WooCommerce <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode
|
MEDIUM | 5.4 | 2025-12-20 |
damian-gora FiboSearch – Ajax Search for WooCommerce
|
CVE NVD | |
| CVE-2025-12492 |
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure
|
MEDIUM | 5.3 | 2025-12-20 |
ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
|
CVE NVD | |
| CVE-2025-13619 |
Flex Store Users <= 1.1.0 - Unauthenticated Privilege Escalation
|
CRITICAL | 9.8 | 2025-12-20 |
CMSSuperHeroes Flex Store Users
|
CVE NVD | |
| CVE-2025-12820 |
WordPress plugin Pure WC Variation Swatches 安全漏洞
|
MEDIUM | 5.3 | 2025-12-20 |
Unknown Pure WC Variation Swatches
|
CVE NVD +1 | |
| CVE-2025-13365 |
WP Hallo Welt <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-12-20 |
tikolan WP Hallo Welt
|
CVE NVD | |
| CVE-2025-12581 |
Attachments Handler <= 1.1.7 - Reflected Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-12-20 |
kaizencoders Attachments Handler
|
CVE NVD | |
| CVE-2025-13329 |
File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data
|
CRITICAL | 9.8 | 2025-12-20 |
snowray File Uploader for WooCommerce
|
CVE NVD | |
| CVE-2025-14168 |
WP DB Booster <= 1.0.1 - Cross-Site Request Forgery to Database Cleanup
|
MEDIUM | 4.3 | 2025-12-20 |
wpmaniax WP DB Booster
|
CVE NVD | |
| CVE-2025-13624 |
Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
|
MEDIUM | 6.1 | 2025-12-20 |
travishoki Overstock Affiliate Links
|
CVE NVD | |
| CVE-2025-14633 |
F70 Lead Document Download <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Media File Download
|
MEDIUM | 5.3 | 2025-12-20 |
niao70 F70 Lead Document Download
|
CVE NVD | |
| CVE-2025-14721 |
Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 5.5 | 2025-12-20 |
mansoormunib RESPONSIVE AND SWIPE SLIDER!
|
CVE NVD | |
| CVE-2025-12898 |
Pretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure
|
MEDIUM | 5.3 | 2025-12-20 |
lbell Pretty Google Calendar
|
CVE NVD | |
| CVE-2025-14734 |
Amazon affiliate lite Plugin <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update
|
MEDIUM | 5.4 | 2025-12-20 |
nestornoe Amazon affiliate lite Plugin
|
CVE NVD | |
| CVE-2025-14164 |
Quran Gateway <= 1.5 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2025-12-20 |
edckwt Quran Gateway
|
CVE NVD |