NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-58576	Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSessi...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-57883	Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupS...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-54407	Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSess...	2025-12-12	5.1	NETWORK	MEDIUM	NVD
CVE-2025-53523	Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSes...	2025-12-12	4.8	NETWORK	MEDIUM	NVD
CVE-2025-14467	The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.9. This is due to the pl...	2025-12-12	4.4	NETWORK	MEDIUM	NVD
CVE-2025-14393	The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dname' parameter in all versions up to, ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-14392	The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_theme_a...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14391	The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missin...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14354	The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. T...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14344	The Multi Uploader for Gravity Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'pl...	2025-12-12	9.8	NETWORK	CRITICAL	NVD
CVE-2025-14170	The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing ...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-14166	The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.13.0. This is due to the plugin a...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-14165	The Kirim.Email WooCommerce Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9. ...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14162	The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missi...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14161	The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing ...	2025-12-12	4.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.