Vulnerability list 350844
| CVE ID | Title | Severity | CVSS | Published | Affected product | Data source | Action |
|---|---|---|---|---|---|---|---|
| CVE-2025-14478 | Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload | HIGH | 7.5 | 2026-01-17 | kraftplugins Demo Importer Plus | CVE NVD | |
| CVE-2025-12129 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.27 - Unauthenticated Information Exposure | MEDIUM | 5.3 | 2026-01-17 | cubewp1211 CubeWP Framework | CVE NVD | |
| CVE-2026-0808 | Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter | MEDIUM | 5.3 | 2026-01-17 | bdthemes Spin Wheel – Interactive spinning wheel that offers coupons | CVE NVD | |
| CVE-2026-0691 | CM E-Mail Blacklist <= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'black_email' Parameter | MEDIUM | 4.4 | 2026-01-17 | creativemindssolutions CM E-Mail Blacklist – Simple email filtering for safer registration | CVE NVD | |
| CVE-2025-12984 | Advanced Ads – Ad Manager & AdSense <= 2.0.15 - Authenticated (Admin+) SQL Injection | MEDIUM | 4.9 | 2026-01-17 | monetizemore Advanced Ads – Ad Manager & AdSense | CVE NVD | |
| CVE-2026-0833 | Team Section Block <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Network Link | MEDIUM | 6.4 | 2026-01-17 | bplugins Team Section Block – Showcase Team Members with Layout Options | CVE NVD | |
| CVE-2025-12825 | User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure | MEDIUM | 5.3 | 2026-01-17 | zealopensource User Registration Using Contact Form 7 | CVE NVD | |
| CVE-2025-12168 | Phrase TMS Integration for WordPress <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion | MEDIUM | 4.3 | 2026-01-17 | memsource Phrase TMS Integration for WordPress | CVE NVD | |
| CVE-2025-14029 | Community Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter | MEDIUM | 5.3 | 2026-01-17 | jackdewey Community Events | CVE NVD | |
| CVE-2025-14463 | Payment Button for PayPal <= 1.2.3.41 - Missing Authorization to Unauthenticated Arbitrary Order Creation | MEDIUM | 5.3 | 2026-01-17 | naa986 Payment Button for PayPal | CVE NVD | |
| CVE-2025-13725 | Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter | MEDIUM | 6.5 | 2026-01-17 | thimpress Thim Blocks | CVE NVD | |
| CVE-2026-0682 | Church Admin <= 5.0.28 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'audio_url' Parameter | LOW | 2.2 | 2026-01-17 | andy_moyle Church Admin | CVE NVD | |
| CVE-2026-0820 | RepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders | MEDIUM | 5.3 | 2026-01-17 | sweetdaisy86 RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | CVE NVD | |
| CVE-2025-12002 | Feeds for YouTube Pro <= 2.6.0 - Unauthenticated Arbitrary File Read via Path Traversal | MEDIUM | 5.9 | 2026-01-17 | Awesome Motive YouTube Feed Pro | CVE NVD | |
| CVE-2025-12718 | Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay | MEDIUM | 5.8 | 2026-01-17 | saadiqbal Quick Contact Form | CVE NVD | |
| CVE-2025-14632 | Filr – Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Upload | MEDIUM | 4.4 | 2026-01-17 | wpchill Filr – Secure document library | CVE NVD | |
| CVE-2025-15403 | RegistrationMagic <= 6.0.7.1 - Privilege Escalation via admin_order | CRITICAL | 9.8 | 2026-01-17 | metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CVE NVD | |
| CVE-2025-14450 | Wallet System for WooCommerce <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation | MEDIUM | 6.5 | 2026-01-17 | wpswings Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | CVE NVD | |
| CVE-2025-14075 | WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter | MEDIUM | 5.3 | 2026-01-17 | thimpress WP Hotel Booking | CVE NVD | |
| CVE-2026-0519 | Information Disclosure in Secure Access Between 12.70 and 14.20 | MEDIUM | 4.6 | 2026-01-17 | Absolute Security Secure Access | CVE NVD | |