NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-14068	The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 0.6.3 d...	2025-12-12	7.5	NETWORK	HIGH	NVD
CVE-2025-13660	The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin expos...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-12655	The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up ...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-12570	The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including...	2025-12-12	7.2	NETWORK	HIGH	NVD
CVE-2025-67725	Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can bloc...	2025-12-12	7.5	NETWORK	HIGH	NVD
CVE-2025-67724	Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HT...	2025-12-12	5.4	NETWORK	MEDIUM	NVD
CVE-2025-67508	gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such...	2025-12-12	N/A	None	None	NVD
CVE-2025-10684	The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticat...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-66492	Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5...	2025-12-12	8.2	NETWORK	HIGH	NVD
CVE-2025-66284	Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSes...	2025-12-12	4.8	NETWORK	MEDIUM	NVD
CVE-2025-65120	Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupS...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-64781	In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page displa...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-62192	SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-61987	GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins ...	2025-12-12	6.9	NETWORK	MEDIUM	NVD
CVE-2025-61950	In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some c...	2025-12-12	5.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.