NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-12717	The List Attachments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_list' parameter in the [list-attachme...	2025-12-06	6.4	NETWORK	MEDIUM	NVD
CVE-2025-12715	The Canadian Nutrition Facts Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'percentage' field in the Nutrition Label...	2025-12-06	6.4	NETWORK	MEDIUM	NVD
CVE-2025-12673	The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() fu...	2025-12-06	9.8	NETWORK	CRITICAL	NVD
CVE-2025-12577	The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing...	2025-12-06	4.3	NETWORK	MEDIUM	NVD
CVE-2025-12574	The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capabil...	2025-12-06	4.3	NETWORK	MEDIUM	NVD
CVE-2025-12091	The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabilit...	2025-12-06	4.3	NETWORK	MEDIUM	NVD
CVE-2025-13922	The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'exis...	2025-12-06	6.5	NETWORK	MEDIUM	NVD
CVE-2025-13292	A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to ...	2025-12-06	7.6	NETWORK	HIGH	NVD
CVE-2025-12505	The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not prope...	2025-12-06	5.4	NETWORK	MEDIUM	NVD
CVE-2025-12510	The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 13.2.4 due to i...	2025-12-06	7.2	NETWORK	HIGH	NVD
CVE-2025-11263	The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the type parameter in all versions up to, and including...	2025-12-06	6.1	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.