快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352348
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-1097 |
ThemeRuby Multi Authors <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes
|
MEDIUM | 6.4 | 2026-01-24 |
themeruby ThemeRuby Multi Authors – Assign Multiple Writers to Posts
|
CVE NVD | |
| CVE-2025-14941 |
GZSEO <= 2.0.11 - Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2026-01-24 |
aminhashemy GZSEO
|
CVE NVD | |
| CVE-2026-1084 |
Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields
|
MEDIUM | 4.4 | 2026-01-24 |
lovor Cookie consent for developers
|
CVE NVD | |
| CVE-2025-14843 |
Wizit Gateway for WooCommerce <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation
|
MEDIUM | 5.3 | 2026-01-24 |
wizit Wizit Gateway for WooCommerce
|
CVE NVD | |
| CVE-2026-1075 |
ZT Captcha <= 1.0.4 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2026-01-24 |
teamzt ZT Captcha
|
CVE NVD | |
| CVE-2026-1081 |
Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update
|
MEDIUM | 4.3 | 2026-01-24 |
sauravrox Set Bulk Post Categories
|
CVE NVD | |
| CVE-2025-14629 |
Alchemist Ajax Upload <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion
|
MEDIUM | 5.3 | 2026-01-24 |
tandubhai Alchemist Ajax Upload
|
CVE NVD | |
| CVE-2026-1103 |
AIKTP <= 5.0.04 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
|
MEDIUM | 5.4 | 2026-01-24 |
aiktp AIKTP
|
CVE NVD | |
| CVE-2025-14985 |
Alpha Blocks <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta
|
MEDIUM | 6.4 | 2026-01-24 |
robiulawal40 Alpha Blocks
|
CVE NVD | |
| CVE-2025-14797 |
Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder
|
MEDIUM | 5.4 | 2026-01-24 |
kometschuh Same Category Posts
|
CVE NVD | |
| CVE-2026-1095 |
Canto Testimonials <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute
|
MEDIUM | 6.4 | 2026-01-24 |
cantothemes Canto Testimonials
|
CVE NVD | |
| CVE-2026-0806 |
WP-ClanWars <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter
|
MEDIUM | 4.9 | 2026-01-24 |
andddd WP-ClanWars
|
CVE NVD | |
| CVE-2025-13374 |
Kalrav AI Agent <= 2.3.3 - Unauthenticated Arbitrary File Upload via kalrav_upload_file AJAX Action
|
CRITICAL | 9.8 | 2026-01-24 |
irisideatechsolutions Kalrav AI Agent
|
CVE NVD | |
| CVE-2026-1076 |
Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2026-01-24 |
bramdnl Star Review Manager
|
CVE NVD | |
| CVE-2025-14906 |
WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update
|
MEDIUM | 4.3 | 2026-01-24 |
waqasvickey0071 WP Youtube Video Gallery
|
CVE NVD | |
| CVE-2025-12836 |
VK Google Job Posting Manager <= 1.2.20 - Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field
|
MEDIUM | 6.4 | 2026-01-24 |
vektor-inc VK Google Job Posting Manager
|
CVE NVD | |
| CVE-2026-0807 |
Frontis Blocks <= 1.1.6 - Unauthenticated Server-Side Request Forgery via 'url' Parameter
|
HIGH | 7.2 | 2026-01-24 |
wpmessiah Frontis Blocks — Block Library for the Block Editor
|
CVE NVD | |
| CVE-2026-1070 |
Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2026-01-24 |
adzbierajewski Alex User Counter
|
CVE NVD | |
| CVE-2025-14903 |
Simple Crypto Shortcodes <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update
|
MEDIUM | 4.3 | 2026-01-24 |
stefanristic Simple Crypto Shortcodes
|
CVE NVD | |
| CVE-2026-1257 |
Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute
|
HIGH | 7.5 | 2026-01-24 |
shazdeh Administrative Shortcodes
|
CVE NVD |