NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-14397	The Postem Ipsum plugin for WordPress is vulnerable to unauthorized modification of data to Privilege Escalation due to a missing capability check on ...	2025-12-13	8.8	NETWORK	HIGH	NVD
CVE-2025-14395	The Popover Windows plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax actions...	2025-12-13	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14394	The Popover Windows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or ...	2025-12-13	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14378	The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 ...	2025-12-13	4.4	NETWORK	MEDIUM	NVD
CVE-2025-14367	The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing a...	2025-12-13	5.3	NETWORK	MEDIUM	NVD
CVE-2025-14366	The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to ...	2025-12-13	5.3	NETWORK	MEDIUM	NVD
CVE-2025-14365	The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to ...	2025-12-13	5.3	NETWORK	MEDIUM	NVD
CVE-2025-14288	The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is ...	2025-12-13	4.3	NETWORK	MEDIUM	NVD
CVE-2025-14278	The HT Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_title' parameter in all versions up to, a...	2025-12-13	6.4	NETWORK	MEDIUM	NVD
CVE-2025-14056	The Custom Post Type UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'label' parameter during custom post type import in ...	2025-12-13	4.4	NETWORK	MEDIUM	NVD
CVE-2025-14050	The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insu...	2025-12-13	4.9	NETWORK	MEDIUM	NVD
CVE-2025-13705	The Custom Frames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter of the 'customframe' shortcode in all ve...	2025-12-13	6.4	NETWORK	MEDIUM	NVD
CVE-2025-13403	The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to...	2025-12-13	5.3	NETWORK	MEDIUM	NVD
CVE-2025-13094	The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_fil...	2025-12-13	8.8	NETWORK	HIGH	NVD
CVE-2025-13093	The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missin...	2025-12-13	5.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.