快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 354299
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12913 |
code-projects Responsive Hotel Site roomdel.php sql injection
|
MEDIUM | 5.1 | 2025-11-08 |
code-projects Responsive Hotel Site
fabian responsive_hotel_site
|
CVE NVD | |
| CVE-2025-12399 |
Alex Reservations: Smart Restaurant Booking <= 2.2.3 - Authenticated (Admin+) Arbitrary File Upload
|
HIGH | 7.2 | 2025-11-08 |
alexreservations Alex Reservations: Smart Restaurant Booking
|
CVE NVD | |
| CVE-2025-11967 |
Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload
|
HIGH | 7.2 | 2025-11-08 |
getwpfunnels Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more
|
CVE NVD | |
| CVE-2025-11448 |
Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion
|
MEDIUM | 4.3 | 2025-11-08 |
smub Gallery Plugin for WordPress – Envira Photo Gallery
|
CVE NVD | |
| CVE-2025-12837 |
aThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget
|
MEDIUM | 6.4 | 2025-11-08 |
smub aThemes Addons for Elementor
|
CVE NVD | |
| CVE-2025-12643 |
Saphali LiqPay for donate <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 6.4 | 2025-11-08 |
saphali Saphali LiqPay for donate
|
CVE NVD | |
| CVE-2025-11980 |
Quick Featured Images <= 13.7.3 - Authenticated (Editor+) SQL Injection via delete_orphaned
|
MEDIUM | 4.9 | 2025-11-08 |
kybernetikservices Quick Featured Images
|
CVE NVD | |
| CVE-2025-12092 |
CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion
|
MEDIUM | 6.5 | 2025-11-08 |
gregross CYAN Backup
|
CVE NVD | |
| CVE-2025-12098 |
Academy LMS Pro <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'
|
MEDIUM | 5.3 | 2025-11-08 |
academylms Academy LMS Pro
|
CVE NVD | |
| CVE-2025-12099 |
Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses'
|
HIGH | 7.2 | 2025-11-08 |
academylms Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
|
CVE NVD | |
| CVE-2025-12621 |
Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update
|
MEDIUM | 5.3 | 2025-11-08 |
wpdesk Flexible Refund and Return Order for WooCommerce
|
CVE NVD | |
| CVE-2025-12498 |
EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation
|
MEDIUM | 4.3 | 2025-11-08 |
metagauss EventPrime – Events Calendar, Bookings and Tickets
|
CVE NVD | |
| CVE-2025-9334 |
Better Find and Replace <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection
|
HIGH | 8.8 | 2025-11-08 |
codesolz Better Find and Replace – AI-Powered Suggestions
|
CVE NVD | |
| CVE-2025-12125 |
HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting
|
MEDIUM | 4.4 | 2025-11-08 |
linksoftware HTML Forms – Simple WordPress Forms Plugin
|
CVE NVD | |
| CVE-2025-12112 |
Insert Headers and Footers Code – HT Script <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-08 |
htplugins Insert Headers and Footers Code – HT Script
|
CVE NVD | |
| CVE-2025-12000 |
WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal
|
MEDIUM | 6.5 | 2025-11-08 |
getwpfunnels Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels
|
CVE NVD | |
| CVE-2025-11748 |
Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join
|
MEDIUM | 4.3 | 2025-11-08 |
itthinx Groups
|
CVE NVD | |
| CVE-2025-12161 |
Smart Auto Upload Images <= 1.2.0 - Authenticated (Contributor+) Arbitrary File Upload
|
HIGH | 8.8 | 2025-11-08 |
burhandodhy Smart Auto Upload Images – Import External Images
|
CVE NVD | |
| CVE-2025-12193 |
Mang Board WP <= 2.3.1 - Reflected Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-08 |
kitae-park Mang Board WP
|
CVE NVD | |
| CVE-2025-11972 |
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.0 - Authenticated (Editor+) SQL Injection
|
MEDIUM | 4.9 | 2025-11-08 |
stevejburge Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
|
CVE NVD |