快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352348
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-11220 |
Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path
|
MEDIUM | 6.4 | 2025-12-16 |
elemntor Elementor Website Builder – More Than Just a Page Builder
|
CVE NVD | |
| CVE-2025-0836 |
XProtect MIP API Missing Authorization
|
MEDIUM | 5.3 | 2025-12-16 |
Milestone Systems XProtect VMS
|
CVE NVD | |
| CVE-2025-14002 |
WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP
|
HIGH | 8.1 | 2025-12-16 |
whyun WPCOM Member
|
CVE NVD | |
| CVE-2025-13231 |
Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition
|
MEDIUM | 6.5 | 2025-12-16 |
radykal Fancy Product Designer
|
CVE NVD | |
| CVE-2025-68088 |
WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability
|
MEDIUM | 5.4 | 2025-12-16 |
merkulove Huger for Elementor
|
CVE NVD | |
| CVE-2025-68087 |
WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability
|
MEDIUM | 5.4 | 2025-12-16 |
merkulove Modalier for Elementor
|
CVE NVD | |
| CVE-2025-68086 |
WordPress Reformer for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability
|
MEDIUM | 5.4 | 2025-12-16 |
merkulove Reformer for Elementor
|
CVE NVD | |
| CVE-2025-68085 |
WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability
|
MEDIUM | 5.4 | 2025-12-16 |
merkulove Buttoner for Elementor
|
CVE NVD | |
| CVE-2025-68084 |
WordPress Ultimate Auction plugin <= 4.3.2 - Broken Access Control vulnerability
|
MEDIUM | 5.4 | 2025-12-16 |
Nitesh Ultimate Auction
|
CVE NVD | |
| CVE-2025-68083 |
WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
|
MEDIUM | 5.4 | 2025-12-16 |
Meks Meks Quick Plugin Disabler
|
CVE NVD | |
| CVE-2025-68082 |
WordPress Semrush Content Toolkit plugin <= 1.1.32 - Cross Site Request Forgery (CSRF) vulnerability
|
MEDIUM | 5.4 | 2025-12-16 |
SEMrush CY LTD Semrush Content Toolkit
|
CVE NVD | |
| CVE-2025-68080 |
WordPress User Avatar - Reloaded plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
|
MEDIUM | 6.5 | 2025-12-16 |
Saad Iqbal User Avatar - Reloaded
|
CVE NVD | |
| CVE-2025-68079 |
WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
|
MEDIUM | 6.5 | 2025-12-16 |
ThemeNectar Salient Shortcodes
|
CVE NVD | |
| CVE-2025-68078 |
WordPress Salient Portfolio theme <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
|
MEDIUM | 6.5 | 2025-12-16 |
ThemeNectar Salient Portfolio
|
CVE NVD | |
| CVE-2025-68077 |
WordPress Stockholm theme <= 9.14.1 - Cross Site Scripting (XSS) vulnerability
|
MEDIUM | 6.5 | 2025-12-16 |
Select-Themes Stockholm
|
CVE NVD | |
| CVE-2025-68076 |
WordPress Stockholm Core plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability
|
MEDIUM | 6.5 | 2025-12-16 |
Select-Themes Stockholm Core
|
CVE NVD | |
| CVE-2025-68071 |
WordPress Essential Real Estate plugin <= 5.2.2 - Insecure Direct Object References (IDOR) vulnerability
|
MEDIUM | 6.5 | 2025-12-16 |
g5theme Essential Real Estate
|
CVE NVD | |
| CVE-2025-68070 |
WordPress VK Google Job Posting Manager plugin <= 1.2.21 - Cross Site Scripting (XSS) vulnerability
|
MEDIUM | 6.5 | 2025-12-16 |
Vektor,Inc. VK Google Job Posting Manager
|
CVE NVD | |
| CVE-2025-68068 |
WordPress plugin Stockholm 安全漏洞
|
HIGH | 7.5 | 2025-12-16 |
Select-Themes Stockholm
|
CVE NVD +1 | |
| CVE-2025-68067 |
WordPress plugin Stockholm Core 安全漏洞
|
HIGH | 7.5 | 2025-12-16 |
Select-Themes Stockholm Core
|
CVE NVD +1 |