Vulnerability List 352999
| CVE ID | Title | Severity | CVSS | Published | Affected product | Data source |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-12783 | Premmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update | MEDIUM | 4.3 | 2025-12-12 | premmerce Premmerce Brands for WooCommerce | CVE, NVD |
| CVE-2025-14044 | Visitor Logic Lite <= 1.0.3 - Unauthenticated PHP Object Injection via 'lpblocks' Cookie | HIGH | 8.1 | 2025-12-12 | rodgerholl Visitor Logic Lite | CVE, NVD |
| CVE-2025-14166 | WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection | MEDIUM | 5.3 | 2025-12-12 | ludwigyou WPMasterToolKit (WPMTK) – All in one plugin | CVE, NVD |
| CVE-2025-14119 | App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | MEDIUM | 6.4 | 2025-12-12 | themebon App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | CVE, NVD |
| CVE-2025-14158 | Coding Blocks <= 1.1.0 - Cross-Site Request Forgery to Settings Update | MEDIUM | 4.3 | 2025-12-12 | octagonsimon Coding Blocks | CVE, NVD |
| CVE-2025-13904 | WPGancio <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | MEDIUM | 6.4 | 2025-12-12 | lesion WPGancio | CVE, NVD |
| CVE-2025-14045 | URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload | MEDIUM | 4.3 | 2025-12-12 | apprhyme URL Media Uploader | CVE, NVD |
| CVE-2025-12968 | Infility Global <= 2.14.23 - Authenticated (Subscriber+) Arbitrary File Upload | HIGH | 8.8 | 2025-12-12 | infility Infility Global | CVE, NVD |
| CVE-2025-12824 | Player Leaderboard 1.0.0 - 1.0.2 - Authenticated (Contributor+) Local File Inclusion | HIGH | 8.8 | 2025-12-12 | tharkun69 Player Leaderboard | CVE, NVD |
| CVE-2025-13408 | Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection | MEDIUM | 4.3 | 2025-12-12 | foxtheme Foxtool All-in-One: Contact chat button, Custom login, Media optimize images | CVE, NVD |
| CVE-2025-14344 | Multi Uploader for Gravity Forms <= 1.1.7 - Unauthenticated Arbitrary File Deletion | CRITICAL | 9.8 | 2025-12-12 | sh1zen Multi Uploader for Gravity Forms | CVE, NVD |
| CVE-2025-12883 | Campay Woocommerce Payment Gateway <= 1.2.2 - Unauthenticated Payment Bypass | MEDIUM | 5.3 | 2025-12-12 | campay Campay Woocommerce Payment Gateway | CVE, NVD |
| CVE-2025-14048 | SimplyConvert <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option | MEDIUM | 4.4 | 2025-12-12 | jonahsc SimplyConvert | CVE, NVD |
| CVE-2025-14129 | Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] | MEDIUM | 6.1 | 2025-12-12 | wasiul99 Like DisLike Voting | CVE, NVD |
| CVE-2025-13989 | WP Dropzone <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute | MEDIUM | 6.4 | 2025-12-12 | nazsabuz WP Dropzone | CVE, NVD |
| CVE-2025-14125 | Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] | MEDIUM | 6.1 | 2025-12-12 | andru1 Complag | CVE, NVD |
| CVE-2025-14393 | Wpik WordPress Basic Ajax Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | MEDIUM | 6.4 | 2025-12-12 | awanhrp Wpik WordPress Basic Ajax Form | CVE, NVD |
| CVE-2025-14143 | Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute | MEDIUM | 6.4 | 2025-12-12 | ayothemes Ayo Shortcodes | CVE, NVD |
| CVE-2025-13972 | WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter | MEDIUM | 4.9 | 2025-12-12 | watchtowerhq WatchTowerHQ | CVE, NVD |
| CVE-2025-14064 | BuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation | MEDIUM | 6.5 | 2025-12-12 | cytechltd BuddyTask | CVE, NVD |