CVE-2025-23xxx

There are 842 CVE in this subgroup.
Last updated: 
← Back to 2025
ID Summary Flags Max Score
CVE-2025-23001 A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to proper...
CVE-2025-23006 Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA100...
KEV
CVE-2025-23007 A vulnerability in the NetExtender Windows client log export function allows unauthorized access to ...
CVE-2025-23008 An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) ...
CVE-2025-23009 A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client w...
CVE-2025-23010 An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExte...
CVE-2025-23011 Fedora Repository archive extraction path traversal
CVE-2025-23012 Fedora Repository fedoraIntCallUser default credentials
CVE-2025-23013 In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product impleme...
CVE-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
CVE-2025-23016 FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer ...
E
CVE-2025-23017 WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a ...
CVE-2025-23018 IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of ...
CVE-2025-23019 IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed netwo...
CVE-2025-23020 An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability (in the hash table use...
CVE-2025-23022 FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c....
E
CVE-2025-23023 Anonymous cache poisoning via request headers in Discourse
CVE-2025-23024 GLPI: Plugins are disabled accessing one page
CVE-2025-23025 Privilege escalation (PR) through realtime WYSIWYG editing in XWiki
CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte
E
CVE-2025-23027 BASEHUB_TOKEN commited in next-forge
CVE-2025-23028 DoS in Cilium agent DNS proxy from crafted DNS responses
CVE-2025-23030 Cross-Site Scripting (XSS) Reflected endpoint 'cadastro_funcionario.php' parameter 'cpf' in WeGIA
E S
CVE-2025-23031 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA
E S
CVE-2025-23032 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_escala.php' parameter 'escala' in WeGIA
E S
CVE-2025-23033 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_situacao.php' parameter 'situacao' in WeGIA
E S
CVE-2025-23034 Cross-Site Scripting (XSS) Reflected endpoint 'tags.php' parameter 'msg_e' in WeGIA
E S
CVE-2025-23035 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_tipo_quadro_horario.php' parameter 'tipo' in WeGIA
E S
CVE-2025-23036 Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_funcionario.php' parameter 'msg_e' in WeGIA
E S
CVE-2025-23037 Cross-Site Scripting (XSS) Stored endpoint 'control.php' parameter 'cargo' in WeGIA
E S
CVE-2025-23038 Cross-Site Scripting (XSS) Stored endpoint 'remuneracao.php ' parameter 'descricao' in WeGIA
E S
CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido
CVE-2025-23040 Maliciously crafted remote URLs could lead to credential leak in GitHub Desktop
CVE-2025-23041 Short and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.Forms
CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability
CVE-2025-23044 Cross-Site Request Forgery (CSRF) allows creating admin account with POST request
E S
CVE-2025-23045 CVAT allows remote code execution via tracker Nuclio functions
CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin
CVE-2025-23047 Cilium vulnerable to information leakage via insecure default Hubble UI CORS header
CVE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption
CVE-2025-23049 Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet shar...
CVE-2025-23051 Authenticated Remote Code Execution in AOS Web-based Management Interface
CVE-2025-23052 Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface
CVE-2025-23053 Authenticated privilege escalation via broken access control
CVE-2025-23054 Authenticated Response Manipulation allows Unauthorized Actions in Management Interface
CVE-2025-23055 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface
CVE-2025-23056 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface
CVE-2025-23057 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface
CVE-2025-23058 Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management Interface
CVE-2025-23059 Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager
CVE-2025-23060 Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)
CVE-2025-23061 Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to ...
CVE-2025-23072 XSS in Special:RefreshSpecial
CVE-2025-23073 API list=globalblocks can reveal IP of autoblock if username and IP are included in the bgtargets parameter
CVE-2025-23074 Special:EditProfile exposes the contents of profile fields marked "hidden"/friends or "friends of friends" when the privileged user isn't a friend of the user whose profile they edit(ed)
CVE-2025-23078 XSS in BreadCrumbs2
CVE-2025-23079 XSSes in Extension:ArticleFeedbackv5
CVE-2025-23080 XSSes in Special:BadgeView
CVE-2025-23081 Various security vulnerabilities in Extension:DataTransfer
CVE-2025-23082 Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow...
CVE-2025-23083 With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker threa...
CVE-2025-23084 A vulnerability has been identified in Node.js, specifically affecting the handling of drive names i...
CVE-2025-23085 A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY not...
CVE-2025-23086 On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's ...
CVE-2025-23087 Rejected reason: This Record was REJECTED after determining it is not in compliance with CVE Program...
R
CVE-2025-23088 Rejected reason: This Record was REJECTED after determining it is not in compliance with CVE Program...
R
CVE-2025-23089 Rejected reason: This Record was REJECTED after determining it is not in compliance with CVE Program...
R
CVE-2025-23090 With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker threa...
CVE-2025-23091 An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could a...
CVE-2025-23092 Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with a...
CVE-2025-23093 The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V1...
CVE-2025-23094 The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0...
CVE-2025-23095 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Fr...
CVE-2025-23096 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Fr...
CVE-2025-23097 An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to...
CVE-2025-23098 An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A...
CVE-2025-23099 An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check...
CVE-2025-23100 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence...
CVE-2025-23101 An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile proc...
CVE-2025-23102 An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1...
CVE-2025-23103 An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check...
CVE-2025-23104 An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile proc...
CVE-2025-23105 An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in...
CVE-2025-23106 An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in...
CVE-2025-23107 An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check...
CVE-2025-23108 Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a mal...
CVE-2025-23109 Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the web...
CVE-2025-23110 An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in th...
CVE-2025-23111 An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposi...
CVE-2025-23112 An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows a...
CVE-2025-23113 An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the ale...
CVE-2025-23114 A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary c...
CVE-2025-23115 A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by...
CVE-2025-23116 An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices e...
CVE-2025-23117 An Insufficient Firmware Update Validation vulnerability could allow an authenticated malicious acto...
CVE-2025-23118 An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with a...
CVE-2025-23119 An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass wi...
CVE-2025-23120 A vulnerability allowing remote code execution (RCE) for domain users....
E
CVE-2025-23121 A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain...
CVE-2025-23122 Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23165....
R
CVE-2025-23123 A malicious actor with access to the management network could execute a remote code execution (RCE) ...
CVE-2025-23124 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-23125 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-23126 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-23127 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-23128 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-23129 wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path
CVE-2025-23130 f2fs: fix to avoid panic once fallocation fails for pinfile
CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
CVE-2025-23132 f2fs: quota: fix to avoid warning in dquot_writeback_dquots()
CVE-2025-23133 wifi: ath11k: update channel list in reg notifier instead reg worker
CVE-2025-23134 ALSA: timer: Don't take register_mutex with copy_from/to_user()
S
CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
CVE-2025-23136 thermal: int340x: Add NULL check for adev
S
CVE-2025-23137 cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update
S
CVE-2025-23138 watch_queue: fix pipe accounting mismatch
CVE-2025-23139 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2025-23140 misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
CVE-2025-23141 KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
CVE-2025-23142 sctp: detect and prevent references to a freed transport in sendmsg
CVE-2025-23143 net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
CVE-2025-23144 backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
CVE-2025-23145 mptcp: fix NULL pointer in can_accept_new_subflow
CVE-2025-23146 mfd: ene-kb3930: Fix a potential NULL pointer dereference
CVE-2025-23147 i3c: Add NULL pointer check in i3c_master_queue_ibi()
CVE-2025-23148 soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
CVE-2025-23149 tpm: do not start chip while suspended
CVE-2025-23150 ext4: fix off-by-one error in do_split
CVE-2025-23151 bus: mhi: host: Fix race between unprepare and queue_buf
CVE-2025-23152 arm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch()
CVE-2025-23153 arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch()
CVE-2025-23154 io_uring/net: fix io_req_post_cqe abuse by send bundle
CVE-2025-23155 net: stmmac: Fix accessing freed irq affinity_hint
CVE-2025-23156 media: venus: hfi_parser: refactor hfi packet parsing logic
CVE-2025-23157 media: venus: hfi_parser: add check to avoid out of bound access
CVE-2025-23158 media: venus: hfi: add check to handle incorrect queue size
CVE-2025-23159 media: venus: hfi: add a check to handle OOB in sfr region
CVE-2025-23160 media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization
CVE-2025-23161 PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
CVE-2025-23162 drm/xe/vf: Don't try to trigger a full GT reset if VF
CVE-2025-23163 net: vlan: don't propagate flags on open
CVE-2025-23164 A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier)...
CVE-2025-23165 In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s....
CVE-2025-23166 The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied...
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` ins...
CVE-2025-23168 The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using On...
CVE-2025-23169 The Versa Director SD-WAN orchestration platform allows customization of the user interface, includi...
CVE-2025-23170 The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to ...
CVE-2025-23171 The Versa Director SD-WAN orchestration platform provides an option to upload various types of files...
CVE-2025-23172 The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notification...
CVE-2025-23173 The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual ma...
CVE-2025-23174 Yoel Geva - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
S
CVE-2025-23175 Tecnick - Multiple XSS (CWE-79)
S
CVE-2025-23176 Tecnick – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
S
CVE-2025-23177 Ribbon Communications - CWE-427: Uncontrolled Search Path Element
S
CVE-2025-23178 Ribbon Communications - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
S
CVE-2025-23179 Ribbon Communications - CWE-798: Use of Hard-coded Credentials
S
CVE-2025-23180 Ribbon Communications - CWE-250: Execution with Unnecessary Privileges
S
CVE-2025-23181 Ribbon Communications - CWE-250: Execution with Unnecessary Privileges
S
CVE-2025-23182 UBtech – CWE-203: Observable Discrepancy
CVE-2025-23183 UBtech – CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-23184 Apache CXF: Denial of Service vulnerability with temporary files
CVE-2025-23185 Information Disclosure in SAP Business Objects Business Intelligence Platform
CVE-2025-23186 Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
CVE-2025-23187 Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)
CVE-2025-23188 Missing Authorization check in SAP S/4HANA (RBD)
CVE-2025-23189 Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)
CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)
CVE-2025-23191 Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP
CVE-2025-23192 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)
CVE-2025-23193 Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP
CVE-2025-23194 Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)
CVE-2025-23195 Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
CVE-2025-23196 Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
CVE-2025-23197 matrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support
CVE-2025-23198 Stored-XSS-LibreNMS-Display-Name in librenms
E
CVE-2025-23199 Stored XSS-LibreNMS-Ports in librenms
E
CVE-2025-23200 Stored XSS-LibreNMS-Misc Section in librenms
E
CVE-2025-23201 Reflected Cross-site Scripting on error alert in librenms
E
CVE-2025-23202 Improper Input Validation in Bible Module for ROBLOX
CVE-2025-23203 Icinga has rest API endpoints accessible to restricted users
CVE-2025-23204 GraphQl securityAfterResolver not called
CVE-2025-23205 `frame-ancestors: self` grants all users access to formgrader in nbgrader
CVE-2025-23206 IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk
CVE-2025-23207 \htmlData does not validate attribute names in KaTeX
CVE-2025-23208 IdP group membership revocation ignored in zot
E S
CVE-2025-23209 Potential RCE with a compromised security key in craft/cms
KEV S
CVE-2025-23210 Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet
CVE-2025-23211 Tandoor Recipes - SSTI - Remote Code Execution
E S
CVE-2025-23212 Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server
E S
CVE-2025-23213 Tandoor Recipes - Stored XSS through Unrestricted File Upload
E S
CVE-2025-23214 Cosmos userbase checking vulnerability
CVE-2025-23215 PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
CVE-2025-23216 Argo CD does not scrub secret values from patch errors
S
CVE-2025-23217 Mitmweb API Authentication Bypass Using Proxy Server
CVE-2025-23218 WeGIA has a SQL Injection endpoint 'adicionar_especie.php' parameter 'especie'
E S
CVE-2025-23219 WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'
E S
CVE-2025-23220 WeGIA has a SQL Injection endpoint 'adicionar_raca.php' parameter 'raca'
E S
CVE-2025-23221 Fedify has an Infinite loop and Blind SSRF found inside the Webfinger mechanism
CVE-2025-23222 An issue was discovered in Deepin dde-api-proxy through 1.0.19 in which unprivileged users can acces...
CVE-2025-23225 IBM MQ denial of service
CVE-2025-23227 IBM Tivoli Application Dependency Discovery Manager cross-site scripting
CVE-2025-23233 Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edg...
CVE-2025-23234 Arkcompiler Ets Runtime has a buffer overflow vulnerability
CVE-2025-23235 arkcompiler_ets_runtime has an out-of-bounds write vulnerability
CVE-2025-23236 Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If a...
CVE-2025-23237 Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi...
CVE-2025-23239 BIG-IP iControl REST vulnerability
CVE-2025-23240 Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
CVE-2025-23242 NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A su...
CVE-2025-23243 NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A su...
CVE-2025-23244 NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attac...
CVE-2025-23245 NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU...
CVE-2025-23246 NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU...
CVE-2025-23247 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a fail...
CVE-2025-23249 NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrust...
CVE-2025-23250 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation ...
CVE-2025-23251 NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of gener...
CVE-2025-23252 The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricte...
CVE-2025-23253 NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an at...
CVE-2025-23254 NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker m...
CVE-2025-23260 NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s clust...
CVE-2025-23264 NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacke...
CVE-2025-23265 NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacke...
CVE-2025-23359 NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when ...
E M
CVE-2025-23360 NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal is...
CVE-2025-23362 The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by impro...
CVE-2025-23363 A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versio...
CVE-2025-23364 A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected appli...
CVE-2025-23365 A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected appli...
CVE-2025-23366 Org.jboss.hal:hal-console: wildfly hal console cross-site scripting
CVE-2025-23367 Org.wildfly.core:wildfly-server: wildfly improper rbac permission
M
CVE-2025-23368 Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli
M
CVE-2025-23369 Improper Verification of Cryptographic Signature in GitHub Enterprise Server Allows Signature Spoofing by Improper Validation
CVE-2025-23374 Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s...
CVE-2025-23375 Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privilege...
CVE-2025-23376 Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neu...
CVE-2025-23377 Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or...
CVE-2025-23378 Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an exposure of information throug...
CVE-2025-23379 Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralizatio...
CVE-2025-23382 Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Se...
CVE-2025-23383 Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used...
CVE-2025-23384 A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version...
CVE-2025-23385 In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and...
CVE-2025-23386 gerbera: Privilege escalation from user gerbera to root because of insecure %post script
CVE-2025-23387 Rancher's SAML-based login via CLI can be denied by unauthenticated users
CVE-2025-23388 Unauthenticated stack overflow in /v3-public/authproviders API
CVE-2025-23389 Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
CVE-2025-23391 Rancher: Restricted Administrator can change Administrator's passwords
CVE-2025-23392 Reflected XSS in SystemsController.java in spacewalk-java
CVE-2025-23393 Reflected XSS in spacewalk-java
CVE-2025-23394 daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root
CVE-2025-23395 Local root exploit via `logfile_reopen()` in screen 5.0.0 with setuid-root bit set
E
CVE-2025-23396 A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), T...
CVE-2025-23397 A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), T...
CVE-2025-23398 A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), T...
CVE-2025-23399 A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), T...
CVE-2025-23400 A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), T...
CVE-2025-23401 A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), T...
CVE-2025-23402 A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), T...
CVE-2025-23403 A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor ...
CVE-2025-23405 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Improper Output Neutralization For Logs
S
CVE-2025-23406 Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cent...
CVE-2025-23407 Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNI...
CVE-2025-23409 Communication Dsoftbus has an UAF vulnerability
CVE-2025-23410 GMOD Apollo Relative Path Traversal
S
CVE-2025-23411 mySCADA myPRO Manager Cross-Site Request Forgery
S
CVE-2025-23412 BIG-IP APM access profile vulnerability
CVE-2025-23413 BIG-IP Next Central Manager vulnerability
CVE-2025-23414 Arkcompiler Ets Runtime has an UAF vulnerability
CVE-2025-23415 BIG-IP APM Endpoint Inspection vulnerability
CVE-2025-23416 Keysight Ixia Vision Product Family Path Traversal
S
CVE-2025-23418 Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
CVE-2025-23419 TLS Session Resumption Vulnerability
CVE-2025-23420 Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
CVE-2025-23421 Qardio iOS and Android applications Files or Directories Accessible to External Parties
M
CVE-2025-23422 WordPress Store Locator plugin <= 3.98.10 - Local File Inclusion vulnerability
CVE-2025-23423 WordPress SendGrid for WordPress plugin <= 1.4 - Broken Access Control vulnerability
CVE-2025-23424 WordPress Marquee Style RSS News Ticker plugin <= 3.2.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23425 WordPress Marekkis Watermark plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23426 WordPress go Social plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23427 WordPress Redux Converter plugin <= 1.1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23428 WordPress QMean plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23429 WordPress Altima Lookbook Free for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23430 WordPress Mass Custom Fields Manager plugin <= 1.5 - CSRF to Cross Site Scripting (XSS) vulnerability
CVE-2025-23431 WordPress Envato Affiliater plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23432 WordPress AlT Report plugin <= 1.12.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23433 WordPress vcOS plugin <=1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23434 WordPress Easy EU Cookie law plugin <= 1.3.3.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23435 WordPress Password Protect Plugin for WordPress plugin <= 0.8.1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23436 WordPress Wp-Scribd-List plugin <= 1.2 - CSRF to XSS vulnerability
CVE-2025-23437 WordPress ntp-header-images plugin <=1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23438 WordPress WP PT-Viewer plugin <= 2.0.2 - Reflected XSS vulnerability
CVE-2025-23439 WordPress TinyMCE Extended Config plugin <= 0.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23440 WordPress radSLIDE plugin <= 2.1 - Broken Access Control to Stored Cross-Site Scripting vulnerability
CVE-2025-23441 WordPress Attach Gallery Posts plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23442 WordPress Shockingly Big IE6 Warning plugin <= 1.6.3 - CSRF to Stored XSS vulnerability
CVE-2025-23443 WordPress Author Showcase plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23444 WordPress Scroll Top Advanced plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23445 WordPress Easy Tynt plugin <= 0.2.5.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23446 WordPress WP SpaceContent plugin <= 0.4.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23447 WordPress Smooth Dynamic Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23448 WordPress visualslider Sldier plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23449 WordPress Simple shortcode buttons plugin <= 1.3.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23450 WordPress AW WooCommerce Kode Pembayaran plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23451 WordPress Awesome Twitter Feeds plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23452 WordPress EditionGuard for WooCommerce plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23453 WordPress Stars SMTP Mailer plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23454 WordPress Nature FlipBook WordPress Plugin plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23455 WordPress WP VTiger Synchronization plugin <= 1.1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23456 WordPress EmailShroud plugin <= 2.2.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23457 WordPress Shipdeo plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23459 WordPress NS Simple Intro Loader plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23460 WordPress RWS Enquiry And Lead Follow-up plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23461 WordPress Social2Blog plugin <= 0.2.990 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23462 WordPress FWD Slider plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23463 WordPress MD Custom content after or before of post plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23464 WordPress Twitter News Feed plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23465 WordPress Vampire Character Manager plugin <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23466 WordPress Site Editor Google Map plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23467 WordPress RSS News Scroller plugin <= 2.0.0 - CSRF to Stored XSS vulnerability
CVE-2025-23468 WordPress Essay Wizard (wpCRES) plugin <= 1.0.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23470 WordPress Visit Site Link enhanced plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23471 WordPress ECT Add to Cart Button plugin <= 1.4 - CSRF to Stored XSS vulnerability
CVE-2025-23472 WordPress Flexo Slider plugin <= 1.0013 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23473 WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23474 WordPress Live Dashboard plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23475 WordPress History timeline plugin <= 0.7.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23476 WordPress my-related-posts plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23477 WordPress Realty Workstation plugin <= 1.0.45 - Broken Access Control vulnerability
CVE-2025-23478 WordPress Photo Video Store plugin <= 21.07 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23479 WordPress melascrivi plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23480 WordPress RSVP ME plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23481 WordPress Ni WooCommerce Sales Report Email plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23482 WordPress azurecurve Floating Featured Image plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23483 WordPress Universal Analytics Injector plugin <= 1.0.3 - CSRF to Stored XSS vulnerability
CVE-2025-23484 WordPress Predict When plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23485 WordPress RS Survey plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23486 WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability
CVE-2025-23487 WordPress Easy Gallery plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23488 WordPress rng-refresh plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23489 WordPress WP-Announcements plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23490 WordPress Browser-Update-Notify plugin <= 0.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23491 WordPress VSTEMPLATE Creator plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23492 WordPress 淘宝客插件 plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23493 WordPress Google Transliteration plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23494 WordPress Quizzin plugin <= 1.01.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23495 WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23496 WordPress WP FPO plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23497 WordPress Simple Project Manager plugin <= 1.2.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23498 WordPress Translation.Pro plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23499 WordPress Board Election plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23500 WordPress Simple Custom post type custom field plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23501 WordPress Cookie Consent & Autoblock for GDPR/CCPA plugin <= 1.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23502 WordPress Curated Search plugin <= 1.2 - CSRF to Stored XSS vulnerability
CVE-2025-23503 WordPress Customizable Captcha and Contact us plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23505 WordPress Pit Login Welcome plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23506 WordPress WP IMAP Auth plugin <= 4.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23507 WordPress Blrt WP Embed plugin <= 1.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23508 WordPress Extra Options – Favicons plugin <= 1.1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23509 WordPress HyperComments plugin <= 0.9.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23510 WordPress WordPress Logging Service plugin <= 1.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23511 WordPress WP-BlackCheck plugin <= 2.7.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23512 WordPress Team 118GROUP Agent plugin <= 1.6.0 - Arbitrary Content Deletion vulnerability
CVE-2025-23513 WordPress Bible Embed plugin <= 0.0.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23514 WordPress Loginplus plugin <= 1.2 - Broken Access Control vulnerability
CVE-2025-23515 WordPress ts-tree plugin 0.1.1 - <= Arbitrary Content Deletion vulnerability
CVE-2025-23516 WordPress Sale with Razorpay plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23517 WordPress Google Map on Post/Page plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23518 WordPress GoogleMapper plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23519 WordPress G Web Pro Store Locator plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23520 WordPress Heartland Management Terminal plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-23521 WordPress Goodlayers Blocks plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23522 WordPress HM Portfolio plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23523 WordPress HSS Embed Streaming Video plugin <= 3.23 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23524 WordPress ClickBank Storefront WordPress Plugin plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23526 WordPress Swift Calendar Online Appointment Scheduling plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23527 WordPress WC Wallet plugin <= 2.2.0 - Arbitrary Content Deletion vulnerability
CVE-2025-23528 WordPress DD Roles plugin <= 4.1 - Privilege Escalation vulnerability
CVE-2025-23529 WordPress Minterpress plugin <= 1.0.5 - Arbitrary Content Deletion vulnerability
CVE-2025-23530 WordPress Custom Post Type Lockdown plugin <= 1.11 - CSRF to Privilege Escalation vulnerability
CVE-2025-23531 WordPress RSVPMaker Volunteer Roles plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23532 WordPress MyAnime Widget plugin <= 1.0 - CSRF to Privilege Escalation vulnerability
CVE-2025-23533 WordPress WP Lyrics plugin <= 0.4.1 - CSRF to Stored XSS vulnerability
CVE-2025-23534 WordPress WPLingo plugin <= 1.1.2 - Arbitrary Content Deletion vulnerability
CVE-2025-23535 WordPress REAL WordPress Sidebar plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23536 WordPress Track Page Scroll plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23537 WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-23538 WordPress WP Contest plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23539 WordPress Awesome Hooks plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23540 WordPress WP Front-end login and register plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23541 WordPress Download, Downloads plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23542 WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23543 WordPress FOMO Pay Chinese Payment Solution plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23544 WordPress StatPressCN plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23545 WordPress WP Social Broadcast plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23546 WordPress RDP inGroups+ plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23547 WordPress LH Login Page plugin <= 2.14 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23548 WordPress Responsivity plugin <= 0.0.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23549 WordPress Maniac SEO plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23551 WordPress SexBundle plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23552 WordPress Texteller plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23553 WordPress Userbase Access Control plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23555 WordPress Ui Slider Filter By Price plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23556 WordPress Push Envoy Notifications plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23557 WordPress Find Your Reps plugin <= 1.2 - CSRF to Stored XSS vulnerability
CVE-2025-23558 WordPress Geotagged Media plugin <= 0.3.0 - CSRF to Stored XSS vulnerability
CVE-2025-23559 WordPress MemeOne plugin <= 2.0.5 - CSRF to Stored XSS vulnerability
CVE-2025-23560 WordPress Web Testimonials plugin <= 1.2 - CSRF to Stored XSS vulnerability
CVE-2025-23561 WordPress MLL Audio Player MP3 Ajax plugin <= 0.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23562 WordPress XLSXviewer plugin <= 2.1.1 - Arbitrary File Deletion vulnerability
CVE-2025-23563 WordPress Explore pages plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23564 WordPress WP FixTag plugin <= v2.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23565 WordPress Wibstats plugin <= 0.5.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23566 WordPress Custom Post plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23567 WordPress GDReseller plugin <= 1.6 - CSRF to Stored XSS vulnerability
CVE-2025-23568 WordPress WP Login Attempt Log plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23569 WordPress Shortcode in Comment plugin <= 1.1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23570 WordPress WP Social Links plugin <= 0.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23571 WordPress Internal Links Generator plugin <= 3.51 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23572 WordPress UpDownUpDown plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23573 WordPress WP Background Tile plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23574 WordPress CubePM plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23575 WordPress DX Sales CRM plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23576 WordPress WP Intro.JS Plugin plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23577 WordPress Word Freshener plugin <= 1.3 - CSRF to Stored XSS vulnerability
CVE-2025-23578 WordPress Custom CSS Addons plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23579 WordPress DZS Ajaxer Lite plugin <= 1.04 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23580 WordPress BizLibrary plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23581 WordPress Demo User DZS plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23582 WordPress Bulk Categories Assign plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23583 WordPress Explara Membership plugin <= 0.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23584 WordPress Pin Locations on Map plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23585 WordPress Goo.gl Url Shorter plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23586 WordPress WP Post Category Notifications plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23587 WordPress all-in-one-box-login plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23588 WordPress WOW Best CSS Compiler plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23589 WordPress ContentOptin Lite plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23590 WordPress Dezdy plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23591 WordPress blu Logistics plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23592 WordPress dForms plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23593 WordPress EmailPress plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23594 WordPress Google Map With Fancybox plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23595 WordPress Page Health-O-Meter plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23596 WordPress Notifikácie.sk plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23597 WordPress Rio Photo Gallery plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23598 WordPress Recip.ly plugin <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23599 WordPress eMarksheet plugin <= 5.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23600 WordPress Send to a Friend Addon plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23601 WordPress Tab My Content plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23602 WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23603 WordPress Group category creator plugin <= 1.3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23604 WordPress Rezdy Reloaded plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23605 WordPress Call To Action Popup plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23606 WordPress Calendi plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23607 WordPress CAMOO SMS plugin <= 3.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23609 WordPress Tagesteller plugin <= v.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23610 WordPress Ultimate Events plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23611 WordPress WH Cache & Security plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23612 WordPress Pixobe Cartography plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23613 WordPress WP Journal plugin <= 1.1 - Broken Access Control vulnerability
CVE-2025-23614 WordPress WordPress Additional Logins plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23615 WordPress Interactive Page Hierarchy plugin <= 1.0.1 - Broken Access Control vulnerability
CVE-2025-23616 WordPress Canalplan plugin <= 5.31 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23617 WordPress Floatbox Plus plugin <= 1.4.4 - CSRF to Stored XSS vulnerability
CVE-2025-23618 WordPress Twitter Shortcode plugin <= 0.9 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-23619 WordPress Catch Duplicate Switcher plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23620 WordPress Captchelfie – Captcha by Selfie plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23621 WordPress Causes – Donation plugin <= 1.0.01 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23622 WordPress CBX Accounting & Bookkeeping plugin <= 1.3.14 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23623 WordPress Contact Form 7 – CCAvenue Add-on plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23624 WordPress WpDevTool plugin <= 0.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23625 WordPress Unique UX plugin <= 0.9.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23626 WordPress Kumihimo plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23627 WordPress Comment-Emailer plugin <= 1.0.5 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-23628 WordPress GeoDigs plugin <= 3.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23629 WordPress Gallerio plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23630 WordPress Cyber Slider plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23631 WordPress Content Planner plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23632 WordPress CG Button plugin <= 1.0.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23633 WordPress WP Database Audit plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23634 WordPress Youtube Video Grid plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23635 WordPress ePermissions plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23636 WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23637 WordPress 新淘客WordPress插件 plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23638 WordPress Frontend Post Submission plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23639 WordPress MDC YouTube Downloader plugin <= 3.0.0 - CSRF to Stored XSS vulnerability
CVE-2025-23640 WordPress Rename Author Slug plugin <= 1.2.0 - CSRF to Stored XSS vulnerability
CVE-2025-23641 WordPress Powie's pLinks PagePeeker plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23642 WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23643 WordPress ReadMe Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23644 WordPress QuoteMedia Tools plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23645 WordPress Find Content IDs plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23646 WordPress Library Instruction Recorder plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23647 WordPress WP-Clap plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23648 WordPress AdsMiddle plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23649 WordPress Auphonic Importer plugin <= 1.5.1 - CSRF to Stored XSS vulnerability
CVE-2025-23650 WordPress Tidy.ro plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23651 WordPress Scroll Top plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23652 WordPress Add custom content after post plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23653 WordPress Form To Online Booking plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23654 WordPress Twitter Post plugin <= 0.1 - CSRF to Stored XSS vulnerability
CVE-2025-23655 WordPress Contact Form 7 – Paystack Add-on plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23656 WordPress Donate visa plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23657 WordPress WordPress-to-candidate for Salesforce CRM plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23658 WordPress Advanced Angular Contact Form plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23659 WordPress MercadoLibre Integration plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-23660 WordPress MFPlugin plugin <= 1.3 - CSRF to Cross-Site Scripting vulnerability
CVE-2025-23661 WordPress NV Slider plugin <= 1.6 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-23662 WordPress WP Panoramio plugin <= 1.5.0 - CSRF to Cross-Site Scripting vulnerability
CVE-2025-23663 WordPress Contexto plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23664 WordPress Real Seguro Viagem plugin <= 2.0.5 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-23665 WordPress RSV GMaps plugin <= 1.5 - CSRF to Stored XSS vulnerability
CVE-2025-23666 WordPress Management-screen-droptiles plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23668 WordPress ChatGPT Open AI Images & Content for WooCommerce plugin <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23669 WordPress WP Smart Tooltip plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23670 WordPress 4 author cheer up donate plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23671 WordPress WP OpenSearch plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23672 WordPress Instant Appointment plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23673 WordPress Email on Publish plugin <= 1.5 - CSRF to Stored XSS vulnerability
CVE-2025-23674 WordPress Bit.ly linker plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23675 WordPress Import Users to MailChimp plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23676 WordPress LH Email plugin <= 1.12 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23677 WordPress HTTP to HTTPS link changer by Eyga.net plugin <= 0.2.4 - CSRF to Stored XSS vulnerability
CVE-2025-23678 WordPress LocalGrid plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23679 WordPress FP RSS Category Excluder plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23680 WordPress Narnoo Operator plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23681 WordPress REDIRECTION PLUS plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23682 WordPress Preloader Quotes plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23683 WordPress MACME plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23684 WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability
CVE-2025-23685 WordPress RomanCart On WordPress plugin <= 0.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23686 WordPress Admin Menu Organizer plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23687 WordPress Woo Store Mode plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23688 WordPress Cobwebo URL Plugin plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23689 WordPress Blogger Image Import plugin <= 2.1 - CSRF to Stored XSS vulnerability
CVE-2025-23690 WordPress Book a Place plugin <= 0.7.1 - CSRF to Stored XSS vulnerability
CVE-2025-23691 WordPress Send to Twitter plugin <= 1.7.2 - CSRF to Stored XSS vulnerability
CVE-2025-23692 WordPress Slider for Writers plugin <= 1.3 - CSRF to Stored XSS vulnerability
CVE-2025-23693 WordPress Secure CAPTCHA plugin <= 1.2 - CSRF to Stored XSS vulnerability
CVE-2025-23694 WordPress Shabbos and Yom Tov plugin <= 1.9 - CSRF to Stored XSS vulnerability
CVE-2025-23695 WordPress CtyGrid Hyp3rL0cal Search plugin <= 0.1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23696 WordPress Staging CDN plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23697 WordPress Podčlánková inzerce plugin <= 2.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23698 WordPress WP Custom Google Search plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23699 WordPress Event Countdown Timer Plugin by TechMix plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23700 WordPress yCyclista plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23701 WordPress Lime Developer Login plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23702 WordPress Anonymize Links plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23703 WordPress Free MailClient FMC plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23704 WordPress Your Lightbox plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23706 WordPress Jet Skinner for BuddyPress plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23708 WordPress DF Draggable plugin <= 1.13.2 - CSRF to Stored XSS vulnerability
CVE-2025-23709 WordPress Formatted post plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23710 WordPress Flying Twitter Birds plugin <= 1.8 - CSRF to Stored XSS vulnerability
CVE-2025-23711 WordPress Quote me plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23712 WordPress Kapost plugin <= 2.2.9 - CSRF to Stored XSS vulnerability
CVE-2025-23713 WordPress Hack me if you can plugin <= 1.2 - CSRF to Stored XSS vulnerability
CVE-2025-23714 WordPress AppReview plugin <= 0.2.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23715 WordPress Post & Page Notes plugin <= 0.1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23716 WordPress Login Watchdog plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23717 WordPress Theme My Ontraport Smartform plugin <= 1.2.11 - CSRF to Stored XSS vulnerability
CVE-2025-23718 WordPress Mancx AskMe Widget plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23720 WordPress Web Push plugin <= 1.4.0 - CSRF to Stored XSS vulnerability
CVE-2025-23721 WordPress Mobigate plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23722 WordPress Mind3doM RyeBread Widgets plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23723 WordPress Plestar Directory Listing plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23724 WordPress University Quizzes Online plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23725 WordPress Accessibility Task Manager plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23726 WordPress ComparePress plugin <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23727 WordPress AZ Content Finder plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23728 WordPress AuMenu plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23729 WordPress XTRA Settings plugin <= 2.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23730 WordPress FLX Dashboard Groups plugin <= 0.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23731 WordPress Tax Report for WooCommerce plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23732 WordPress Easy Filtering plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23733 WordPress SC Simple Zazzle plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23734 WordPress Gigaom Sphinx plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23735 WordPress Infugrator plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23736 WordPress Form To JSON plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23737 WordPress Network-Favorites plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23738 WordPress Ps Ads Pro plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23739 WordPress WP Ultimate Reviews FREE plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23740 WordPress Easy School Registration plugin <= 3.9.8 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23741 WordPress Notifications Center plugin <= 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23742 WordPress Podamibe Twilio Private Call plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23743 WordPress Social Analytics plugin <= 0.2 - CSRF to Stored XSS vulnerability
CVE-2025-23744 WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23745 WordPress Call me Now plugin <= 1.0.5 - CSRF to Stored XSS vulnerability
CVE-2025-23746 WordPress CMC MIGRATE plugin <= 0.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23747 WordPress Awesome Timeline plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23748 WordPress Singsys -Awesome Gallery plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23749 WordPress mybb Last Topics plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23750 WordPress Custom Widget Creator plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23751 WordPress Data Dash plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23752 WordPress CGD Arrange Terms plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23753 WordPress DN Sitemap Control plugin <= 1.0.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23754 WordPress The Loops plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23755 WordPress PAFacile plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23756 WordPress LawPress plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23758 WordPress pootle button plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23759 WordPress Affiliate Tools Việt Nam plugin <= 0.3.17 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23760 WordPress Chatter plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-23761 WordPress Woo Tuner plugin <= 0.1.2 - Broken Access Control vulnerability
CVE-2025-23762 WordPress DsgnWrks Twitter Importer plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23763 WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability
CVE-2025-23764 WordPress Copy Move Posts plugin <= 1.6 - Broken Access Control vulnerability
CVE-2025-23765 WordPress W3SPEEDSTER plugin <= 7.33 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-23766 WordPress OPSI Israel Domestic Shipments plugin <= 2.6.6 - Broken Access Control vulnerability
CVE-2025-23767 WordPress Marmoset Viewer plugin <= 1.9.3 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23768 WordPress InFunding plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23769 WordPress Content Mirror plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23770 WordPress Fast Tube plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23771 WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability
CVE-2025-23772 WordPress imaGenius Plugin <= 1.7 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23773 WordPress Delete All Posts plugin <= 1.1.1 - Broken Access Control vulnerability
CVE-2025-23774 WordPress WPDB to Sql plugin <= 1.2 - Sensitive Data Exposure vulnerability
CVE-2025-23775 WordPress GMAPS for WPBakery Page Builder Free Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23776 WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability
CVE-2025-23777 WordPress GDPR Personal Data Reports Plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23778 WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability
CVE-2025-23779 WordPress ResAds Plugin <= 2.0.5 - SQL Injection vulnerability
CVE-2025-23780 WordPress Easy Code Snippets Plugin <= 1.0.2 - SQL Injection vulnerability
CVE-2025-23781 WordPress WM Options Import Export plugin <= 1.0.1 - Sensitive Data Exposure vulnerability
CVE-2025-23782 WordPress TotalContest Lite Plugin <= 2.8.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-23783 WordPress Greek Namedays Widget Plugin <= 20191113 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23784 WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - SQL Injection vulnerability
CVE-2025-23785 WordPress AI Responsive Gallery Album plugin <= 1.4 - Broken Access Control vulnerability
CVE-2025-23786 WordPress Email to Download Plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23787 WordPress Easy Bet Plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23788 WordPress Easy Filter Plugin <= 1.10 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23789 WordPress URL Shortener WooCommerce Plugin <= 9.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23790 WordPress Easy Code Placement Plugin <= 18.11 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23791 WordPress Horizontal Line Shortcode Plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23792 WordPress Passwordless WP – Login with your glance or fingerprint Plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23793 WordPress Auto FTP plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-23794 WordPress wp_amaps Plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23795 WordPress Easy FAQs plugin <= 3.2.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23796 WordPress Easy Portfolio plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23797 WordPress WP Options Editor plugin <= 1.1 - CSRF to Privilege Escalation vulnerability
CVE-2025-23798 WordPress Mass Messaging in BuddyPress Plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23799 WordPress .TUBE Video Curator Plugin <= 1.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23800 WordPress OrangeBox plugin <= 3.0.0 - CSRF to Stored XSS vulnerability
CVE-2025-23801 WordPress Style Admin Plugin <= 1.4.3 - CSRF to Stored XSS vulnerability
CVE-2025-23802 WordPress WP-Revive Adserver Plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23803 WordPress Snippy Plugin <= 1.4.1 - CSRF to Cross Site Scripting (XSS) vulnerability
CVE-2025-23804 WordPress WP Service Payment Form With Authorize.net Plugin <= 2.6.0 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23805 WordPress SEOReseller Partner plugin <= 1.3.15 - CSRF to Stored XSS vulnerability
CVE-2025-23806 WordPress Ultimate Subscribe Plugin <=1.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23807 WordPress Spiderpowa Embed PDF plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23808 WordPress Custom List Table Example Plugin <=1.4.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23809 WordPress Blue Wrench Video Widget Plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23810 WordPress Len Slider Plugin <= 2.0.11 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23811 WordPress WP2APP Plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23812 WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23813 WordPress Guten Free Options Plugin <= 0.9.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23814 WordPress CRUDLab Like Box Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23815 WordPress root Cookie plugin <= 1.6 - CSRF to Stored XSS vulnerability
CVE-2025-23816 WordPress Metaphor Widgets plugin <= 2.4 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23817 WordPress MHR-Custom-Anti-Copy plugin <= 2.0 - CSRF to Stored Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-23818 WordPress More Link Modifier plugin <= 1.0.3 - CSRF to Cross-Site Scripting vulnerability
CVE-2025-23819 WordPress WP Cloud plugin <= 1.4.3 - Arbitrary File Deletion vulnerability
CVE-2025-23820 WordPress Content Security Policy Pro plugin <= 1.3.5 - CSRF to Stored XSS vulnerability
CVE-2025-23821 WordPress WP Cookies Alert plugin <= 1.1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23822 WordPress Category Custom Fields plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23823 WordPress CNZZ&51LA for WordPress plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-23824 WordPress FontAwesome.io ShortCodes plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23825 WordPress Easy Shortcode Buttons plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23826 WordPress Stop Comment Spam plugin <= 0.5.3 - CSRF to Stored XSS vulnerability
CVE-2025-23827 WordPress Strx Magic Floating Sidebar Maker plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
CVE-2025-23828 WordPress WordPress Data Guard [Website Security] plugin <= 8 - CSRF to Stored XSS vulnerability
CVE-2025-23829 WordPress Woo Update Variations In Cart plugin <= 0.0.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23830 WordPress JB Horizontal Scroller News Ticker plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23831 WordPress QR Code Generator plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23832 WordPress Admin Cleanup plugin <= 1.0.2 - CSRF to Stored XSS vulnerability
CVE-2025-23833 WordPress Links/Problem Reporter plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23834 WordPress Links/Problem Reporter plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23835 WordPress Legal + Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23836 WordPress Custom Coming Soon Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23837 WordPress One Backend Language Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23838 WordPress Bauernregeln Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23839 WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23840 WordPress WP-NOTCAPTCHA Plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23841 WordPress Top Flash Embed plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23842 WordPress WordPress Gallery Plugin plugin <= 1.4 - CSRF to Stored XSS vulnerability
CVE-2025-23843 WordPress WP-HR Manager plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23844 WordPress Custom Widget Classes plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23845 WordPress ImageMeta Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23846 WordPress Flexible Blogtitle Plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23847 WordPress Site Launcher Plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23848 WordPress Hotspots Analytics plugin <= 4.0.12 - CSRF to Stored XSS vulnerability
CVE-2025-23849 WordPress PAPERCITE plugin <= 0.5.18 - Broken Access Control vulnerability
CVE-2025-23850 WordPress Mojo Under Construction Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23851 WordPress Coronavirus (COVID-19) Outbreak Data Widgets Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23852 WordPress First Comment Redirect plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23853 WordPress NoFollow Free plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23854 WordPress Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23855 WordPress SpiderDisplay plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23856 WordPress Simple Vertical Timeline plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23857 WordPress Essential WP Real Estate Plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23858 WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23859 WordPress Daily Proverb plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23860 WordPress Charity-thermometer plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23861 WordPress Debt Calculator plugin <= 1.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-23862 WordPress Contact Form 7 Anti Spambot plugin <= 1.0.1 - Broken Access Control vulnerability
CVE-2025-23863 WordPress Rollover Tab plugin <= 1.3.2 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23864 WordPress WCS QR Code Generator plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23865 WordPress Winning Portfolio plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23866 WordPress EU DSGVO Helper Plugin <= 1.0.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23867 WordPress WordPress File Search Plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23868 WordPress Chess Tempo Viewer plugin <= 0.9.5 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23869 WordPress CJ Custom Content plugin <= 2.0 - CSRF to Cross-Site Scripting vulnerability
CVE-2025-23870 WordPress Copyright Safeguard Footer Notice plugin <= 3.0 - CSRF to Stored Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-23871 WordPress LSD Google Maps Embedder plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23872 WordPress PayForm plugin <= 2.0 - CSRF to Stored XSS vulnerability
CVE-2025-23873 WordPress Category D3 Tree plugin <= 1.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23874 WordPress WP Block Pack plugin <= 1.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23875 WordPress Better Protected Pages plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-23876 WordPress WP krpano plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23877 WordPress Nite Shortcodes plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23878 WordPress Post-to-Post Links plugin <= 4.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23879 WordPress Easy Automatic Newsletter Lite Plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23880 WordPress amr personalise plugin <= 2.10 - CSRF to Stored XSS vulnerability
CVE-2025-23881 WordPress LJ Custom Menu Links Plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23882 WordPress WP Download Codes Plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23883 WordPress Stray Random Quotes Plugin <= 1.9.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23884 WordPress Annie plugin <= 2.1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23885 WordPress MJ Contact us Plugin <= 5.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23886 WordPress Annie plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23887 WordPress Blog Summary plugin <= 0.1.2 β - Cross Site Scripting (XSS) vulnerability
CVE-2025-23888 WordPress Custom Page Extensions Plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23889 WordPress FooGallery Captions Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23890 WordPress Easy Tweet Embed plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23891 WordPress Yet Another Countdown Plugin plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23892 WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23893 WordPress GMap Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23894 WordPress wp-flickr-press Plugin <= 2.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23895 WordPress Add RSS plugin <= 1.5 - CSRF to Stored XSS vulnerability
CVE-2025-23896 WordPress Mindmeister Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23897 WordPress Apply with LinkedIn buttons plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23898 WordPress Apply with LinkedIn buttons plugin <= 2.3 - CSRF to Stored XSS vulnerability
CVE-2025-23899 WordPress Bookalet plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23900 WordPress Genki Announcement plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
CVE-2025-23901 WordPress GravatarLocalCache plugin <= 1.1.2 - CSRF to Stored XSS vulnerability
CVE-2025-23902 WordPress Error Notification plugin <= 0.2.7 - CSRF to Stored XSS vulnerability
CVE-2025-23903 WordPress Local Shipping Labels for WooCommerce Plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23904 WordPress Rebrand Fluent Forms Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23905 WordPress Admin Options Pages plugin <= 0.9.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23906 WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability
CVE-2025-23907 WordPress SOCIAL.NINJA plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23908 WordPress Pastebin plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23909 WordPress Compare Ninja plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23910 WordPress Menus Plus+ Plugin <= 1.9.6 - SQL Injection vulnerability
CVE-2025-23911 WordPress Solidres – Hotel booking plugin for WordPress Plugin <= 0.9.4 - SQL Injection vulnerability
CVE-2025-23912 WordPress WordPress Custom Sidebar Plugin <= 2.3 - SQL Injection vulnerability
CVE-2025-23913 WordPress Google Map Professional Plugin <= 1.0 - SQL Injection vulnerability
CVE-2025-23914 WordPress Muzaara Google Ads Report Plugin <= 3.1 - PHP Object Injection vulnerability
CVE-2025-23915 WordPress FAT Event Lite plugin <= 1.1 - Authenticated Non-Arbitrary Local File Inclusion vulnerability
CVE-2025-23916 WordPress WP Meetup plugin <= 2.3.0 - Settings Change vulnerability
CVE-2025-23917 WordPress Chamber Dashboard Business Directory Plugin <= 3.3.8 - Broken Access Control vulnerability
CVE-2025-23918 WordPress Smallerik File Browser plugin <= 1.1 - Arbitrary File Upload vulnerability
CVE-2025-23919 WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability
CVE-2025-23920 WordPress ApplicantPro Plugin <= 1.3.9 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23921 WordPress Multi Uploader for Gravity Forms plugin <= 1.1.3 - Arbitrary File Upload vulnerability
CVE-2025-23922 WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability
CVE-2025-23923 WordPress Lockets Plugin <= 0.999 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23924 WordPress WP Photo Sphere plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23925 WordPress Feedburner Optin Form plugin <= 0.2.8 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23926 WordPress Ajax WP Query Search Filter plugin <= 1.0.7 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23927 WordPress Incredible Font Awesome plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23928 WordPress Google Org Chart plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23929 WordPress Email Capture & Lead Generation Plugin <= 1.0.2 - Broken Access Control vulnerability
CVE-2025-23930 WordPress PayPal Marketing Solutions plugin <= 1.2 - Broken Access Control vulnerability
CVE-2025-23931 WordPress WordPress Local SEO plugin <= 2.3 - SQL Injection vulnerability
CVE-2025-23932 WordPress Quick Count Plugin <= 3.00 - PHP Object Injection vulnerability
CVE-2025-23933 WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23934 WordPress Giveaways and Contests by PromoSimple plugin <= 1.24 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23935 WordPress Magic Google Maps plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23936 WordPress CC Circle Progress Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23937 WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability
CVE-2025-23938 WordPress Image Gallery Box by CRUDLab Plugin <= 1.0.3 - Local File Inclusion vulnerability
CVE-2025-23939 WordPress Image Switcher plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23940 WordPress jupdf pdf viewer plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23941 WordPress MeinTurnierplan.de Widget Viewer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23942 WordPress WP Load Gallery Plugin <= 2.1.6 - Arbitrary File Upload vulnerability
CVE-2025-23943 WordPress PDF.js Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23944 WordPress WOOEXIM Plugin <= 5.0.0 - PHP Object Injection vulnerability
CVE-2025-23945 WordPress Popliup Plugin <= 1.1.1 - Local File Inclusion vulnerability
CVE-2025-23946 WordPress Enhanced YouTube Shortcode plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23947 WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23948 WordPress Background animation blocks Plugin <= 2.1.5 - Local File Inclusion vulnerability
CVE-2025-23949 WordPress Improved Sale Badges – Free Version Plugin <= 1.0.1 - Local File Inclusion vulnerability
CVE-2025-23950 WordPress EZPlayer plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23951 WordPress Gallery: Hybrid – Advanced Visual Gallery plugin <= 1.4.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23952 WordPress Custom Field List Widget Plugin <= 1.5.1 - Local File Inclusion vulnerability
CVE-2025-23953 WordPress user files plugin <= 2.4.2 - Arbitrary File Upload vulnerability
CVE-2025-23954 WordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability
CVE-2025-23955 WordPress Xola plugin <= 1.6 - Broken Access Control vulnerability
CVE-2025-23956 WordPress WP Easy Post Mailer Plugin <= 0.64 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23957 WordPress Sur.ly plugin <= 3.0.3 - Broken Access Control vulnerability
CVE-2025-23958 WordPress Editor Wysiwyg Background Color plugin <= 1.0 - Broken Access Control vulnerability
CVE-2025-23959 WordPress Good Old Gallery Plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23960 WordPress Save & Import Image from URL Plugin <= 0.7 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23961 WordPress WordPress Graphs & Charts Plugin <= 2.0.8 - Broken Access Control vulnerability
CVE-2025-23962 WordPress Goldstar plugin <= 2.1.1 - Broken Access Control vulnerability
CVE-2025-23963 WordPress Mark Posts plugin <= 2.2.3 - Broken Access Control vulnerability
CVE-2025-23964 WordPress Google Plus Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23965 WordPress Kopa Nictitate Toolkit plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23966 WordPress a Gateway for Pasargad Bank on WooCommerce Plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23967 WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability
CVE-2025-23968 WordPress AiBud WP plugin <= 1.8.5 - Arbitrary File Upload vulnerability
E
CVE-2025-23969 WordPress KI Live Video Conferences <= 5.5.15 - Sensitive Data Exposure Vulnerability
CVE-2025-23970 WordPress Service Finder Booking <= 6.0 - Privilege Escalation Vulnerability
CVE-2025-23971 WordPress KI Live Video Conferences <= 5.5.15 - Broken Access Control Vulnerability
CVE-2025-23972 WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-23973 WordPress SpecFit-Virtual Try On Woocommerce plugin <= 7.0.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-23974 WordPress One-Login <= 1.4 - Privilege Escalation Vulnerability
CVE-2025-23975 WordPress Botnet Attack Blocker plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23976 WordPress Issuu Panel plugin <= 2.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23977 WordPress Post Carousel Slider plugin <= 2.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-23978 WordPress FlashCounter plugin <= 1.1.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23979 WordPress Flashy theme <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23980 WordPress Full Circle plugin <= 0.5.7.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CVE-2025-23981 WordPress CarZine theme <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23982 WordPress Fare Calculator plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2025-23983 WordPress Tijaji theme <= 1.43 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23984 WordPress Dynamic URL SEO plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-23985 WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2025-23986 WordPress Tiki Time theme <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23987 WordPress Designer plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23988 WordPress ghostwriter theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23989 WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability
CVE-2025-23990 WordPress Scroll Styler plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-23991 WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.4.5 - Broken Access Control vulnerability
CVE-2025-23992 WordPress Toocheke Companion plugin <= 1.166 - Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2025-23994 WordPress Estatebud – Properties & Listings plugin <= 5.5.0 - CSRF to Stored XSS vulnerability
CVE-2025-23995 WordPress Tantyyellow theme <= 1.0.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23996 WordPress AnyRoad plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-23997 WordPress Tamara Checkout plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-23998 WordPress UltraLight theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-23999 WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.