NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-14050	The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insu...	2025-12-13	4.9	NETWORK	MEDIUM	NVD
CVE-2025-13705	The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all ve...	2025-12-13	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13403	The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to...	2025-12-13	5.3	NETWORK	MEDIUM	NVD
CVE-2025-13094	The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_fil...	2025-12-13	8.8	NETWORK	HIGH	NVD
CVE-2025-13093	The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missin...	2025-12-13	5.3	NETWORK	MEDIUM	NVD
CVE-2025-13092	The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capa...	2025-12-13	5.3	NETWORK	MEDIUM	NVD
CVE-2025-13089	The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hide_fields' and the 'attr_search' parameter in all versions up to, ...	2025-12-13	7.5	NETWORK	HIGH	NVD
CVE-2025-13077	The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'col...	2025-12-13	7.5	NETWORK	HIGH	NVD
CVE-2025-12512	The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and ...	2025-12-13	4.3	NETWORK	MEDIUM	NVD
CVE-2025-12362	The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization...	2025-12-13	5.3	NETWORK	MEDIUM	NVD
CVE-2025-12109	The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script...	2025-12-13	6.4	NETWORK	MEDIUM	NVD
CVE-2025-12077	The WP to LinkedIn Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and includ...	2025-12-13	6.1	NETWORK	MEDIUM	NVD
CVE-2025-12076	The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, an...	2025-12-13	6.1	NETWORK	MEDIUM	NVD
CVE-2025-11970	The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking \| SEO Optimized \| Fully Automated plugin for WordPress is vulnerable...	2025-12-13	4.4	NETWORK	MEDIUM	NVD
CVE-2025-11707	The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unbl...	2025-12-13	5.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.