NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-13408	The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in a...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-13366	The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or ...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-13363	The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing non...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-13334	The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the ...	2025-12-12	8.1	NETWORK	HIGH	NVD
CVE-2025-13320	The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insuffi...	2025-12-12	6.8	NETWORK	MEDIUM	NVD
CVE-2025-13314	The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification o...	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-12968	The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all vers...	2025-12-12	8.8	NETWORK	HIGH	NVD
CVE-2025-12963	The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for WordPress is vulnerable to privilege escalation via ac...	2025-12-12	9.8	NETWORK	CRITICAL	NVD
CVE-2025-12883	The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2....	2025-12-12	5.3	NETWORK	MEDIUM	NVD
CVE-2025-12834	The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failure_message' paramet...	2025-12-12	6.1	NETWORK	MEDIUM	NVD
CVE-2025-12830	The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Slider widget in all versions up to, and includi...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-12824	The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'player_leaderbo...	2025-12-12	8.8	NETWORK	HIGH	NVD
CVE-2025-12783	The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ...	2025-12-12	4.3	NETWORK	MEDIUM	NVD
CVE-2025-12650	The Simple post listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_name' parameter in the postlist shortcode in ...	2025-12-12	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13886	The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter i...	2025-12-12	7.5	NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.