快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353043
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12191 |
PDF Catalog for WooCommerce <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting
|
MEDIUM | 5.4 | 2025-12-05 |
ovologics PDF Catalog for WooCommerce
|
CVE NVD | |
| CVE-2025-12189 |
Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents <= 7.10.1321 - Cross-Site Request Forgery to Arbitrary File Upload
|
MEDIUM | 4.3 | 2025-12-05 |
breadbutter Bread & Butter: Gate content & Improve lead conversion in 60 seconds
breadbutter bread_and_butter
|
CVE NVD | |
| CVE-2025-12128 |
Hide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2025-12-05 |
kaushikankrani Hide Categories Or Products On Shop Page
|
CVE NVD | |
| CVE-2025-12133 |
EPROLO Dropshipping <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Tracking Data Modification
|
MEDIUM | 4.3 | 2025-12-05 |
paulepro2019 EPROLO Dropshipping
|
CVE NVD | |
| CVE-2025-12370 |
Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion
|
MEDIUM | 4.3 | 2025-12-05 |
takeads Takeads
|
CVE NVD | |
| CVE-2025-12153 |
Featured Image via URL <= 0.1 - Authenticated (Contributor+) Arbitrary FIle Upload
|
HIGH | 8.8 | 2025-12-05 |
tsaiid Featured Image via URL
|
CVE NVD | |
| CVE-2025-13623 |
Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO
|
MEDIUM | 6.1 | 2025-12-05 |
natambu Twitscription
|
CVE NVD | |
| CVE-2025-13622 |
Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO
|
MEDIUM | 6.1 | 2025-12-05 |
missi Jabbernotification
|
CVE NVD | |
| CVE-2025-10055 |
Time Sheets <= 2.1.3 - Cross-Site Request Forgery
|
MEDIUM | 4.3 | 2025-12-05 |
mrdenny Time Sheets
|
CVE NVD | |
| CVE-2025-12181 |
ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload
|
HIGH | 8.8 | 2025-12-05 |
contentstudio ContentStudio
|
CVE NVD | |
| CVE-2025-13625 |
WP-SOS-Donate Donation Sidebar Plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
|
MEDIUM | 6.1 | 2025-12-05 |
switch2mac WP-SOS-Donate Donation Sidebar Plugin
|
CVE NVD | |
| CVE-2025-13360 |
Quantic Social Image Hover <= 1.0.8 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2025-12-05 |
monkeyboz Quantic Social Image Hover
|
CVE NVD | |
| CVE-2025-12368 |
Sermon Manager <= 2.30.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-12-05 |
wpforchurch Sermon Manager
|
CVE NVD | |
| CVE-2025-13621 |
dream gallery <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action
|
MEDIUM | 6.1 | 2025-12-05 |
teamdream dream gallery
|
CVE NVD | |
| CVE-2025-12165 |
Webcake – Landing Page Builder <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update
|
MEDIUM | 4.3 | 2025-12-05 |
huyme Webcake – Landing Page Builder
|
CVE NVD | |
| CVE-2025-12163 |
Omnipress <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-12-05 |
omnipressteam Omnipress
|
CVE NVD | |
| CVE-2025-13512 |
CoSign Single Signon <= 0.3.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
|
MEDIUM | 6.1 | 2025-12-05 |
jiangxin CoSign Single Signon
|
CVE NVD | |
| CVE-2025-12124 |
FitVids for WordPress <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
|
MEDIUM | 4.4 | 2025-12-05 |
kevindees FitVids for WordPress
|
CVE NVD | |
| CVE-2025-13144 |
ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2025-12-05 |
contentstudio ContentStudio
|
CVE NVD | |
| CVE-2025-13312 |
CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action
|
MEDIUM | 5.3 | 2025-12-05 |
dripadmin CRM Memberships
|
CVE NVD |