NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-14062	The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to,...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14048	The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplyconvert_hash' option in all versions up to, and inc...	2025-12-12	4.4	NETWORK	MEDIUM	NVD
CVE-2025-14045	The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploade...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14044	The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of u...	2025-12-12	8.1	NETWORK	HIGH	NVD
CVE-2025-14035	The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to,...	2025-12-12	4.4	NETWORK	MEDIUM	NVD
CVE-2025-14032	The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'bold_timeline_group' shortc...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13989	The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and in...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13988	The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and incl...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-13987	The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-13975	The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_token' and 'roomid' settings in all ve...	2025-12-12	4.4	NETWORK	MEDIUM	NVD
CVE-2025-13972	The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, a...	2025-12-12	4.9	NETWORK	MEDIUM	NVD
CVE-2025-13971	The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and inclu...	2025-12-12	4.4	NETWORK	MEDIUM	NVD
CVE-2025-13969	The Reviews Sorted plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'space' parameter of the [reviews-slider] shortcode in al...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13966	The Paypal Payment Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttom_image' parameter of the [paypal-shortco...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13963	The FX Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fxcc_convert' shortcode in all versions ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.