NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-63070	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager download-manager allows Retrieve...	2025-12-09	4.3	NETWORK	MEDIUM	NVD
CVE-2025-63069	Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Le...	2025-12-09	5.3	NETWORK	MEDIUM	NVD
CVE-2025-63068	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contac...	2025-12-09	5.3	NETWORK	MEDIUM	NVD
CVE-2025-63067	Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Contro...	2025-12-09	4.3	NETWORK	MEDIUM	NVD
CVE-2025-63066	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-funct...	2025-12-09	6.5	NETWORK	MEDIUM	NVD
CVE-2025-63065	Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media Library Assistant media-library-assistant allows Exploiting Inco...	2025-12-09	5.4	NETWORK	MEDIUM	NVD
CVE-2025-63064	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Stored XSS.This ...	2025-12-09	6.5	NETWORK	MEDIUM	NVD
CVE-2025-63063	Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Securit...	2025-12-09	6.5	NETWORK	MEDIUM	NVD
CVE-2025-63062	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AndonDesign UDesign Core u-de...	2025-12-09	7.6	NETWORK	HIGH	NVD
CVE-2025-63061	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hogash Kallyas kallyas allows DOM-Based XSS.This...	2025-12-09	6.5	NETWORK	MEDIUM	NVD
CVE-2025-63060	Cross-Site Request Forgery (CSRF) vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through <= 4.2.	2025-12-09	4.3	NETWORK	MEDIUM	NVD
CVE-2025-63059	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arscode Ninja Popups arscode-ninja-popups allows...	2025-12-09	6.5	NETWORK	MEDIUM	NVD
CVE-2025-63058	Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Hiroaki Miyashita Custom Field Template custom-field-templ...	2025-12-09	4.4	LOCAL	MEDIUM	NVD
CVE-2025-63057	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review all...	2025-12-09	8.2	NETWORK	HIGH	NVD
CVE-2025-63056	Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Con...	2025-12-09	4.3	NETWORK	MEDIUM	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.