Vulnerability list 340282
| CVE ID | Title | Severity | CVSS | Published | Affected product | Data source |
|---|---|---|---|---|---|---|
| CVE-2025-12643 | Saphali LiqPay for donate <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | MEDIUM | 6.4 | 2025-11-08 | saphali Saphali LiqPay for donate | CVE, NVD |
| CVE-2025-11980 | Quick Featured Images <= 13.7.3 - Authenticated (Editor+) SQL Injection via delete_orphaned | MEDIUM | 4.9 | 2025-11-08 | kybernetikservices Quick Featured Images | CVE, NVD |
| CVE-2025-12092 | CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion | MEDIUM | 6.5 | 2025-11-08 | gregross CYAN Backup | CVE, NVD |
| CVE-2025-12098 | Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' | MEDIUM | 5.3 | 2025-11-08 | academylms Academy LMS Pro | CVE, NVD |
| CVE-2025-12099 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' | HIGH | 7.2 | 2025-11-08 | academylms Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | CVE, NVD |
| CVE-2025-12621 | Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update | MEDIUM | 5.3 | 2025-11-08 | wpdesk Flexible Refund and Return Order for WooCommerce | CVE, NVD |
| CVE-2025-12498 | EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation | MEDIUM | 4.3 | 2025-11-08 | metagauss EventPrime – Events Calendar, Bookings and Tickets | CVE, NVD |
| CVE-2025-9334 | Better Find and Replace <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection | HIGH | 8.8 | 2025-11-08 | codesolz Better Find and Replace – AI-Powered Suggestions | CVE, NVD |
| CVE-2025-12125 | HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting | MEDIUM | 4.4 | 2025-11-08 | linksoftware HTML Forms – Simple WordPress Forms Plugin | CVE, NVD |
| CVE-2025-12112 | Insert Headers and Footers Code – HT Script <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting | MEDIUM | 6.4 | 2025-11-08 | htplugins Insert Headers and Footers Code – HT Script | CVE, NVD |
| CVE-2025-12000 | WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal | MEDIUM | 6.5 | 2025-11-08 | getwpfunnels Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels | CVE, NVD |
| CVE-2025-11748 | Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join | MEDIUM | 4.3 | 2025-11-08 | itthinx Groups | CVE, NVD |
| CVE-2025-12161 | Smart Auto Upload Images <= 1.2.0 - Authenticated (Contributor+) Arbitrary File Upload | HIGH | 8.8 | 2025-11-08 | burhandodhy Smart Auto Upload Images – Import External Images | CVE, NVD |
| CVE-2025-12193 | Mang Board WP <= 2.3.1 - Reflected Cross-Site Scripting | MEDIUM | 6.1 | 2025-11-08 | kitae-park Mang Board WP | CVE, NVD |
| CVE-2025-11972 | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.0 - Authenticated (Editor+) SQL Injection | MEDIUM | 4.9 | 2025-11-08 | stevejburge Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | CVE, NVD |
| CVE-2025-7663 | Ovatheme Events Manager <= 1.8.6 - Missing Authorization | MEDIUM | 6.5 | 2025-11-08 | ovatheme Ovatheme Events Manager | CVE, NVD |
| CVE-2025-12353 | WPFunnels <= 3.6.2 - Unauthorized User Registration | MEDIUM | 5.3 | 2025-11-08 | getwpfunnels Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels | CVE, NVD |
| CVE-2025-12042 | Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export | MEDIUM | 5.3 | 2025-11-08 | werbeagenturcommotion Course Booking System | CVE, NVD |
| CVE-2025-12064 | WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage | MEDIUM | 6.1 | 2025-11-08 | f1logic WP2Social Auto Publish | CVE, NVD |
| CVE-2025-12177 | Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key | MEDIUM | 5.3 | 2025-11-08 | codename065 Download Manager | CVE, NVD |