快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 354228
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-64262 |
WordPress Auto Prune Posts plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
|
MEDIUM | 6.5 | 2025-11-13 |
ramon fincken Auto Prune Posts
|
CVE NVD | |
| CVE-2025-64261 |
WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability
|
MEDIUM | 6.5 | 2025-11-13 |
codepeople Appointment Booking Calendar
|
CVE NVD | |
| CVE-2025-64259 |
WordPress Theater for WordPress plugin <= 0.18.8 - Broken Access Control vulnerability
|
MEDIUM | 6.5 | 2025-11-13 |
Jeroen Schmit Theater for WordPress
|
CVE NVD | |
| CVE-2025-7704 |
Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability
|
MEDIUM | 5.4 | 2025-11-13 |
SMCI SYS-111C-NR
|
CVE NVD | |
| CVE-2025-11769 |
WordPress Content Flipper <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-13 |
aumsrini WordPress Content Flipper
|
CVE NVD | |
| CVE-2025-11260 |
WP Headless CMS Framework <= 1.15 - Unauthenticated Protection Mechanism Bypass
|
MEDIUM | 5.3 | 2025-11-13 |
benmoody WP Headless CMS Framework
|
CVE NVD | |
| CVE-2025-10295 |
Angel – Fashion Model Agency WordPress CMS Theme <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-13 |
kayapati Angel – Fashion Model Agency WordPress CMS Theme
|
CVE NVD | |
| CVE-2025-8397 |
Save as PDF Button <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via restpackpdfbutton Shortcode
|
MEDIUM | 6.4 | 2025-11-13 |
restpack Save as PDF Button
|
CVE NVD | |
| CVE-2025-12015 |
Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Afosto Disconnect
|
MEDIUM | 4.3 | 2025-11-13 |
sanderkah Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed
|
CVE NVD | |
| CVE-2025-12844 |
AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization
|
HIGH | 7.1 | 2025-11-13 |
tigroumeow AI Engine
|
CVE NVD | |
| CVE-2025-12681 |
Comment Edit Core – Simple Comment Editing <= 3.1.0 - Unauthenticated Sensitive Information Exposure
|
MEDIUM | 5.3 | 2025-11-13 |
ronalfy Comment Edit Core – Simple Comment Editing
|
CVE NVD | |
| CVE-2025-12620 |
Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 6.0.7 - Authenticated (Administrator+) SQL Injection via `filterbyauthor` Parameter
|
MEDIUM | 4.9 | 2025-11-13 |
ays-pro Poll Maker – Versus Polls, Anonymous Polls, Image Polls
|
CVE NVD | |
| CVE-2025-12891 |
Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Information Exposure
|
MEDIUM | 5.3 | 2025-11-13 |
ays-pro Survey Maker
|
CVE NVD | |
| CVE-2025-11923 |
LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes - Various Versions - Authenticated (Student+) Privilege Escalation
|
HIGH | 8.8 | 2025-11-13 |
chrisbadgett LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes
|
CVE NVD | |
| CVE-2025-12536 |
SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure
|
MEDIUM | 5.3 | 2025-11-13 |
brainstormforce SureForms – Contact Form, Custom Form Builder, Calculator & More
|
CVE NVD | |
| CVE-2025-12733 |
Import any XML, CSV or Excel File to WordPress (WP All Import) <= 3.9.6 - Authenticated (Administrator+) Remote Code Execution via Conditional Logic
|
HIGH | 8.8 | 2025-11-13 |
wpallimport Import any XML, CSV or Excel File to WordPress
|
CVE NVD | |
| CVE-2025-12892 |
Survey Maker <= 5.1.9.4 - Missing Authorization Unauthenticated Limited Option Update
|
MEDIUM | 5.3 | 2025-11-13 |
ays-pro Survey Maker
|
CVE NVD | |
| CVE-2025-12979 |
Welcart e-Commerce <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure
|
MEDIUM | 5.3 | 2025-11-13 |
uscnanbu Welcart e-Commerce
|
CVE NVD | |
| CVE-2025-12366 |
Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference
|
MEDIUM | 4.3 | 2025-11-13 |
softaculous Page Builder: Pagelayer – Drag and Drop website builder
|
CVE NVD | |
| CVE-2025-12089 |
Data Tables Generator by Supsystic <= 1.10.45 - Authenticated (Admin+) Arbitrary File Deletion
|
MEDIUM | 6.5 | 2025-11-13 |
supsysticcom Data Tables Generator by Supsystic
|
CVE NVD |