快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 356770
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12671 |
WP-Iconics <= 0.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-11 |
mrx3k1 WP-Iconics
|
CVE NVD | |
| CVE-2025-11869 |
Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-11 |
simonpedge Precise Columns
|
CVE NVD | |
| CVE-2025-12526 |
Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
|
MEDIUM | 4.3 | 2025-11-11 |
michielve Private Google Calendars
|
CVE NVD | |
| CVE-2025-11828 |
Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-11 |
pubudu-malalasekara Magazine Companion
|
CVE NVD | |
| CVE-2025-12753 |
Chart Expert <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 6.4 | 2025-11-11 |
sagortouch Chart Expert
|
CVE NVD | |
| CVE-2025-11170 |
WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload
|
CRITICAL | 9.8 | 2025-11-11 |
kddiwebcommunications WP移行専用プラグイン for CPI
|
CVE NVD | |
| CVE-2025-12711 |
Share to Google Classroom <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via share_to_google Shortcode
|
MEDIUM | 6.4 | 2025-11-11 |
pritenhshah Share to Google Classroom
|
CVE NVD | |
| CVE-2025-12813 |
Holiday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents'
|
CRITICAL | 9.8 | 2025-11-11 |
strix-bubol5 Holiday class post calendar
|
CVE NVD | |
| CVE-2025-11457 |
EasyCommerce – AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin 0.9.0-beta2 - 1.5.0 - Unauthenticated Privilege Escalation
|
CRITICAL | 9.8 | 2025-11-11 |
easycommerce EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin
|
CVE NVD | |
| CVE-2025-11856 |
Eventbee Ticketing Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-11 |
eventbee Eventbee Ticketing Widget
|
CVE NVD | |
| CVE-2025-12590 |
YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-11 |
andreaferracani YSlider
|
CVE NVD | |
| CVE-2025-12021 |
WP-OAuth <= 0.4.1 - Reflected Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-11 |
hectavex WP-OAuth
|
CVE NVD | |
| CVE-2025-12588 |
USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2025-11-11 |
behzadrohizadeh USB Qr Code Scanner For Woocommerce
|
CVE NVD | |
| CVE-2025-12020 |
Double the Donation <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
|
MEDIUM | 4.9 | 2025-11-11 |
kanwei_doublethedonation Double the Donation – A workplace giving tool
|
CVE NVD | |
| CVE-2025-12132 |
WP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2025-11-11 |
larsactionhero WP Custom Admin Login Page Logo
|
CVE NVD | |
| CVE-2025-12589 |
WP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-11 |
baronen WP-Walla
|
CVE NVD | |
| CVE-2025-12672 |
Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-11 |
nuvuscripts Flickr Show
|
CVE NVD | |
| CVE-2025-11997 |
Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure
|
MEDIUM | 5.3 | 2025-11-11 |
ngothoai Document Pro Elementor – Documentation & Knowledge Base
|
CVE NVD | |
| CVE-2025-11451 |
Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read
|
HIGH | 7.5 | 2025-11-11 |
miunosoft Auto Amazon Links – Amazon Associates Affiliate Plugin
|
CVE NVD | |
| CVE-2025-12010 |
Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Limited Method Call in Plugin's Shortcode
|
MEDIUM | 6.5 | 2025-11-11 |
wpkube Authors List
|
CVE NVD |