快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353262
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-13159 |
Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload
|
HIGH | 7.1 | 2025-11-21 |
flothemesplugins Flo Forms – Easy Drag & Drop Form Builder
|
CVE NVD | |
| CVE-2025-13134 |
AuthorSure <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-21 |
powerblogservice AuthorSure
|
CVE NVD | |
| CVE-2025-12135 |
WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting
|
HIGH | 7.2 | 2025-11-21 |
iqonicdesign WPBookit
|
CVE NVD | |
| CVE-2025-11885 |
EchBay Admin Security <= 1.3.0 - Reflected Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-21 |
itvn9online EchBay Admin Security
|
CVE NVD | |
| CVE-2025-13142 |
Custom Post Type <= 1.0 - Cross-Site Request Forgery to Custom Post Type Deletion
|
MEDIUM | 4.3 | 2025-11-21 |
farvehandleren Custom Post Type
|
CVE NVD | |
| CVE-2025-11768 |
Islamic Phrases <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-21 |
darto Islamic Phrases
|
CVE NVD | |
| CVE-2025-11770 |
BrightTALK WordPress Shortcode <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-21 |
billybigpotatoes BrightTALK WordPress Shortcode
|
CVE NVD | |
| CVE-2025-11767 |
Tips Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-21 |
fpcorso Tips Shortcode
|
CVE NVD | |
| CVE-2025-12894 |
Import WP – Export and Import CSV and XML files to WordPress <= 2.14.17 - Unauthenticated Information Exposure
|
MEDIUM | 5.3 | 2025-11-21 |
jcollings Import WP – Export and Import CSV and XML files to WordPress
|
CVE NVD | |
| CVE-2025-11801 |
AudioTube <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-21 |
davidangel AudioTube
|
CVE NVD | |
| CVE-2025-12138 |
URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload
|
HIGH | 8.8 | 2025-11-21 |
bww URL Image Importer
|
CVE NVD | |
| CVE-2025-11765 |
Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-21 |
developdaly Stock Tools
|
CVE NVD | |
| CVE-2025-12170 |
Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing
|
MEDIUM | 5.3 | 2025-11-21 |
bandido Checkbox
|
CVE NVD | |
| CVE-2025-12086 |
Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation
|
MEDIUM | 4.3 | 2025-11-21 |
wpswings Return Refund and Exchange For WooCommerce
|
CVE NVD | |
| CVE-2025-12661 |
Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 6.4 | 2025-11-21 |
qzzr Pollcaster Shortcode Plugin
|
CVE NVD | |
| CVE-2025-13322 |
WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter
|
HIGH | 8.1 | 2025-11-21 |
husainali52 WP AUDIO GALLERY
|
CVE NVD | |
| CVE-2025-12660 |
Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 6.4 | 2025-11-21 |
coffeebite Padlet Shortcode
|
CVE NVD | |
| CVE-2025-12746 |
Tainacan <= 1.0.0 - Reflected Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-21 |
tainacan Tainacan
|
CVE NVD | |
| CVE-2025-64695 |
Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). ...
|
HIGH | 8.4 | 2025-11-21 |
LogStare Inc. Installer of LogStare Collector (for Windows)
secuavail logstare_collector
|
CVE NVD | |
| CVE-2025-64299 |
LogStare Collector improperly handles the password hash data. An administrative user may obtain the ...
|
MEDIUM | 6.9 | 2025-11-21 |
LogStare Inc. LogStare Collector (for Windows)
LogStare Inc. LogStare Collector (for Linux)
+1个
|
CVE NVD |