NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-65120	Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupS...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-64781	In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page displa...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-62192	SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-61987	GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins ...	2025-12-12	6.9	NETWORK	MEDIUM	NVD
CVE-2025-61950	In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some c...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-58576	Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSessi...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-57883	Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupS...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-54407	Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSess...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-53523	Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSes...	2025-12-12	4.8	NETWORK	MEDIUM	NVD
CVE-2025-14467	The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.9. This is due to the pl...	2025-12-12	4.4	NETWORK	MEDIUM	NVD
CVE-2025-14393	The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dname' parameter in all versions up to, ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-14392	The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_theme_a...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14391	The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missin...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14354	The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. T...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14344	The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pl...	2025-12-12	9.8	NETWORK	CRITICAL	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.