快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353084
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12584 |
Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure
|
MEDIUM | 5.3 | 2025-11-27 |
shapedplugin Quick View for WooCommerce
|
CVE NVD | |
| CVE-2025-13378 |
AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Unauthenticated Server-Side Request Forgery via 'pinecone_url' Parameter
|
MEDIUM | 6.5 | 2025-11-27 |
ays-pro AI ChatBot with ChatGPT and Content Generator by AYS
|
CVE NVD | |
| CVE-2025-59026 |
Malicious content uploaded as file can be used to execute script code when following attacker-contro...
|
MEDIUM | 5.4 | 2025-11-27 |
Open-Xchange GmbH OX App Suite
|
CVE NVD | |
| CVE-2025-59025 |
Malicious e-mail content can be used to execute script code. Unintended actions can be executed in t...
|
MEDIUM | 6.1 | 2025-11-27 |
Open-Xchange GmbH OX App Suite
|
CVE NVD | |
| CVE-2025-30190 |
Malicious content at office documents can be used to inject script code when editing a document. Uni...
|
MEDIUM | 5.4 | 2025-11-27 |
Open-Xchange GmbH OX App Suite
|
CVE NVD | |
| CVE-2025-30186 |
Malicious content uploaded as file can be used to execute script code when following attacker-contro...
|
MEDIUM | 5.4 | 2025-11-27 |
Open-Xchange GmbH OX App Suite
|
CVE NVD | |
| CVE-2025-13536 |
Blubrry PowerPress <= 11.15.2 - Authenticated (Contributor+) Arbitrary File Upload via 'powerpress_edit_post'
|
HIGH | 8.8 | 2025-11-27 |
blubrry PowerPress Podcasting plugin by Blubrry
|
CVE NVD | |
| CVE-2025-13157 |
QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update
|
MEDIUM | 5.3 | 2025-11-27 |
qodeinteractive QODE Wishlist for WooCommerce
|
CVE NVD | |
| CVE-2025-13441 |
Hide Category by User Role for WooCommerce <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing
|
MEDIUM | 5.3 | 2025-11-27 |
themesupport Hide Category by User Role for WooCommerce
|
CVE NVD | |
| CVE-2025-13143 |
Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Cross-Site Request Forgery to Account Disconnection
|
MEDIUM | 4.3 | 2025-11-27 |
assafp Poll, Survey & Quiz Maker Plugin by Opinion Stage
|
CVE NVD | |
| CVE-2025-13525 |
WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter
|
MEDIUM | 6.1 | 2025-11-27 |
listingthemes WP Directory Kit
|
CVE NVD | |
| CVE-2025-12123 |
Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-27 |
trustindex Customer Reviews Collector for WooCommerce
|
CVE NVD | |
| CVE-2025-12185 |
StaffList <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting
|
MEDIUM | 4.4 | 2025-11-27 |
era404 StaffList
|
CVE NVD | |
| CVE-2025-12758 |
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or M...
|
HIGH | 8.7 | 2025-11-27 |
validator_project validator
|
CVE NVD | |
| CVE-2025-13539 |
FindAll Membership <= 1.0.4 - Authentication Bypass via Social Login
|
CRITICAL | 9.8 | 2025-11-27 |
Elated Themes FindAll Membership
|
CVE NVD | |
| CVE-2025-13540 |
Tiare Membership <= 1.2 - Unauthenticated Privilege Escalation
|
CRITICAL | 9.8 | 2025-11-27 |
Qode Interactive Tiare Membership
|
CVE NVD | |
| CVE-2025-13680 |
Tiger <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation
|
HIGH | 8.8 | 2025-11-27 |
DirectoryThemes Tiger
|
CVE NVD | |
| CVE-2025-12151 |
Simple Folio <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-27 |
presstigers Simple Folio
|
CVE NVD | |
| CVE-2025-13675 |
Tiger <= 101.2.1 - Unauthenticated Privilege Escalation
|
CRITICAL | 9.8 | 2025-11-27 |
DirectoryThemes Tiger
|
CVE NVD | |
| CVE-2025-7820 |
SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass
|
HIGH | 7.5 | 2025-11-27 |
sonalsinha21 SKT PayPal for WooCommerce
|
CVE NVD |