General-Purpose System Vulnerabilities
Vulnerabilities related to traditional IT systems, servers, and desktop applications.
| CVE ID | Description | Severity | Published | Type |
|---|---|---|---|---|
| CVE-2025-13134 | The AuthorSure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2… | Medium (6.1) | 2025-11-21 | General-Purpose |
| CVE-2025-12894 | The Import WP – Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Inform… | Medium (5.3) | 2025-11-21 | General-Purpose |
| CVE-2025-12881 | The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference i… | Medium (5.4) | 2025-11-21 | General-Purpose |
| CVE-2025-12746 | The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in all ver… | Medium (6.1) | 2025-11-21 | General-Purpose |
| CVE-2025-12661 | The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter i… | Medium (6.4) | 2025-11-21 | General-Purpose |