NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-14170	The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing ...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-14166	The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin a...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-14165	The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. ...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14162	The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missi...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14161	The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing ...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14160	The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14158	The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14143	The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' parameter of the ayo_action shortcode in all vers...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-14138	The WPLG Default Mail From plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all version...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-14137	The Simple AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up t...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-14132	The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all version...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-14129	The Like DisLike Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions u...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-14125	The Complag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and in...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-14119	The App Landing Template Blocks for WPBakery (Visual Composer) Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-14064	The BuddyTask plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple AJAX en...	2025-12-12	6.5	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.