ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2025-28009 | A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint o... | | |
CVE-2025-28010 | A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerabi... | E | |
CVE-2025-28011 | A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login... | E | |
CVE-2025-28015 | A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Regi... | E | |
CVE-2025-28017 | TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via th... | E | |
CVE-2025-28018 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downl... | E | |
CVE-2025-28019 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the d... | E | |
CVE-2025-28020 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downl... | E | |
CVE-2025-28021 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the d... | E | |
CVE-2025-28022 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downl... | E | |
CVE-2025-28024 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the c... | E | |
CVE-2025-28025 | TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128... | E | |
CVE-2025-28026 | TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128... | E | |
CVE-2025-28027 | TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128... | E | |
CVE-2025-28028 | TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128... | E | |
CVE-2025-28029 | TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128... | E | |
CVE-2025-28030 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime ... | E | |
CVE-2025-28031 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a hardcoded password for the telnet... | E | |
CVE-2025-28032 | TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102... | E | |
CVE-2025-28033 | TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102... | E | |
CVE-2025-28034 | TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R V4.1.2cu.5182_B20201026, A830R V4.1.2cu.5182_B20201102... | E | |
CVE-2025-28035 | TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a pre-auth remote command execution vuln... | E | |
CVE-2025-28036 | TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a pre-auth remote command execution vul... | E | |
CVE-2025-28037 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pr... | E | |
CVE-2025-28038 | TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vu... | E | |
CVE-2025-28039 | TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain a pre-auth remote command execution vu... | E | |
CVE-2025-28055 | upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit... | E | |
CVE-2025-28056 | rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /admin/admin-cli/exec component.... | E | |
CVE-2025-28057 | owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_or... | E | |
CVE-2025-28059 | An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain... | | |
CVE-2025-28062 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The... | E | |
CVE-2025-28072 | PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.... | E | |
CVE-2025-28073 | phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php en... | | |
CVE-2025-28074 | phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization... | | |
CVE-2025-28076 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows rem... | | |
CVE-2025-28087 | Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.... | E | |
CVE-2025-28089 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task ... | E | |
CVE-2025-28090 | maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custo... | E | |
CVE-2025-28091 | maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.... | E | |
CVE-2025-28092 | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.... | E | |
CVE-2025-28093 | ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.... | E | |
CVE-2025-28094 | ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.... | E | |
CVE-2025-28096 | OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.... | E | |
CVE-2025-28097 | OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.... | E | |
CVE-2025-28099 | opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.js... | E | |
CVE-2025-28100 | A SQL Injection vulnerability in dingfanzuCMS v.1.0 allows an attacker to execute arbitrary code via ... | E | |
CVE-2025-28101 | An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allo... | E | |
CVE-2025-28102 | A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary... | E | |
CVE-2025-28103 | Incorrect access control in flaskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via... | | |
CVE-2025-28104 | Incorrect access control in flaskBlog v2.6.1 allows attackers to access all usernames via a crafted i... | E | |
CVE-2025-28121 | code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedba... | E | |
CVE-2025-28128 | An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification... | E | |
CVE-2025-28131 | A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege use... | | |
CVE-2025-28132 | A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session ... | | |
CVE-2025-28135 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downl... | E | |
CVE-2025-28136 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the d... | | |
CVE-2025-28137 | TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a pre-auth remote command execution... | E | |
CVE-2025-28138 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a pre-auth remote command execution... | E | |
CVE-2025-28142 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a comman... | E | |
CVE-2025-28143 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a comman... | E | |
CVE-2025-28144 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack ... | E | |
CVE-2025-28145 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a comman... | E | |
CVE-2025-28146 | Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a comman... | E | |
CVE-2025-28168 | The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Up... | | |
CVE-2025-28169 | BYD QIN PLUS DM-i Dilink OS v3.0_13.1.7.2204050.1 to v3.0_13.1.7.2312290.1_0 was discovered to send ... | | |
CVE-2025-28197 | Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.... | | |
CVE-2025-28198 | A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive in... | E | |
CVE-2025-28200 | Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes... | E | |
CVE-2025-28201 | An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arb... | E | |
CVE-2025-28202 | Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and T... | E | |
CVE-2025-28203 | Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.... | | |
CVE-2025-28219 | Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows ... | | |
CVE-2025-28220 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows rem... | | |
CVE-2025-28221 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which al... | | |
CVE-2025-28228 | A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09,... | E | |
CVE-2025-28229 | Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers... | E | |
CVE-2025-28230 | Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded a... | E | |
CVE-2025-28231 | Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to exe... | E | |
CVE-2025-28232 | Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attack... | E | |
CVE-2025-28233 | Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, ... | E | |
CVE-2025-28235 | An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Se... | E | |
CVE-2025-28236 | Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code executi... | E | |
CVE-2025-28237 | An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to... | E | |
CVE-2025-28238 | Improper session management in Elber REBLE310 Firmware v5.5.1.R, Equipment Model: REBLE310/RX10/4AS... | E | |
CVE-2025-28242 | Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers t... | E | |
CVE-2025-28243 | An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages co... | | |
CVE-2025-28244 | Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote... | | |
CVE-2025-28245 | Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to i... | E | |
CVE-2025-28253 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2025-28254 | Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to... | S | |
CVE-2025-28256 | An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary co... | E | |
CVE-2025-28354 | An issue in the Printer Manager System of Entrust Corp Printer Manager D3.18.4-3 and below allows att... | | |
CVE-2025-28355 | Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowin... | E | |
CVE-2025-28361 | Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker... | | |
CVE-2025-28367 | mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - Im... | E S | |
CVE-2025-28371 | EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password cha... | E | |
CVE-2025-28380 | A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbit... | E M | |
CVE-2025-28381 | A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environm... | E M | |
CVE-2025-28382 | An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a dire... | E M | |
CVE-2025-28384 | An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a d... | E M | |
CVE-2025-28386 | A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0... | E | |
CVE-2025-28388 | OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account.... | E M | |
CVE-2025-28389 | Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a br... | E M | |
CVE-2025-28395 | D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the ho... | E | |
CVE-2025-28398 | D-LINK DI-8100 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the rem... | E | |
CVE-2025-28399 | An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the upd... | E | |
CVE-2025-28400 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter i... | E | |
CVE-2025-28401 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter... | E | |
CVE-2025-28402 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter... | E | |
CVE-2025-28403 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method do... | E | |
CVE-2025-28405 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus metho... | E | |
CVE-2025-28406 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter... | E | |
CVE-2025-28407 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the... | E | |
CVE-2025-28408 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree met... | E | |
CVE-2025-28409 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the ... | E | |
CVE-2025-28410 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll ... | E | |
CVE-2025-28411 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in... | E | |
CVE-2025-28412 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method i... | E | |
CVE-2025-28413 | An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeControl... | E | |
CVE-2025-28855 | WordPress Teleport plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28856 | WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28857 | WordPress Rankchecker.io Integration plugin <= 1.0.9 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28858 | WordPress Arrow Maps plugin <= 1.0.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28859 | WordPress Maintenance Notice plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28860 | WordPress Google News Editors Picks Feed Generator plugin <= 2.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28861 | WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28862 | WordPress Comment Date and Gravatar remover plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28863 | WordPress Delete Original Image plugin <= 0.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28864 | WordPress Builder for Contact Form 7 by Webconstruct plugin <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28865 | WordPress WP Colorful Tag Cloud plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28866 | WordPress Login Logger plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28867 | WordPress Frontpage category filter plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28868 | WordPress ZipList Recipe plugin <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28869 | WordPress NextGEN Gallery Voting plugin <= 2.7.6 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28870 | WordPress amoCRM WebForm plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28871 | WordPress Block Spam By Math Reloaded plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28872 | WordPress Block Spam By Math Reloaded plugin <= 2.2.4 - Broken Access Control vulnerability | | |
CVE-2025-28873 | WordPress Shuffle plugin <= 0.5 - SQL Injection vulnerability | | |
CVE-2025-28874 | WordPress BP Email Assign Templates By shanebp plugin <= 1.6 - Arbitrary Content Deletion vulnerability | | |
CVE-2025-28875 | WordPress BP Email Assign Templates By shanebp plugin <= 1.6 - Cross-Site Scripting vulnerability | | |
CVE-2025-28876 | WordPress Skrill Official plugin <= 1.0.65 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28877 | WordPress Key4ce osTicket Bridge plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28878 | WordPress Awesome Surveys plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28879 | WordPress Bee Layer Slider plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28880 | WordPress Blue Captcha plugin <= 1.7.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28881 | WordPress Mobile Themes plugin <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28882 | WordPress Omnify plugin <= 2.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28883 | WordPress WP Compare Tables plugin <= 1.0.5 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28884 | WordPress WP Bulk Post Duplicator plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28885 | WordPress Fiverr.com Official Search Box plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28886 | WordPress REST API TO MiniProgram plugin <= 4.7.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28887 | WordPress Plugins Last Updated Column plugin <= 0.1.3 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28888 | WordPress GiftXtore <= 1.7.4 - Local File Inclusion Vulnerability | | |
CVE-2025-28889 | WordPress Custom Product Stickers for Woocommerce plugin <= 1.9.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28890 | WordPress Lightview Plus plugin <= 3.1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28891 | WordPress price-calc plugin <= 0.6.3 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28892 | WordPress FTP Sync plugin <= 1.1.6 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28893 | WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability | | |
CVE-2025-28894 | WordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28895 | WordPress Custom top bar plugin <= 2.0.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28896 | WordPress AS English Admin plugin <= 1.0.0 - Open Redirection vulnerability | | |
CVE-2025-28897 | WordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28898 | WordPress WP Multistore Locator plugin <= 2.5.2 - SQL Injection vulnerability | | |
CVE-2025-28899 | WordPress WP Event Ticketing plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28900 | WordPress TabGarb Pro plugin <= 2.6 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28901 | WordPress Members page only for logged in users plugin <= 1.4.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28902 | WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28903 | WordPress Driving Directions plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28904 | WordPress Web Directory Free plugin <= 1.7.6 - SQL Injection vulnerability | S | |
CVE-2025-28905 | WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28906 | WordPress Skitter Slideshow plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28907 | WordPress WP Last Modified plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28908 | WordPress pipDisqus plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28909 | WordPress WP No-Bot Question plugin <= 0.1.7 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28910 | WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28911 | WordPress Gravity 2 PDF plugin <= 3.1.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28912 | WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28913 | WordPress WP Add Active Class To Menu Item plugin <=1.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28914 | WordPress wordpress login form to anywhere plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28915 | WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability | | |
CVE-2025-28916 | WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability | | |
CVE-2025-28917 | WordPress Custom Smilies plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28918 | WordPress Featured Image Thumbnail Grid plugin <= 6.6.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28919 | WordPress Easy Image Display plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28920 | WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability | | |
CVE-2025-28921 | WordPress SpatialMatch IDX plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28922 | WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28923 | WordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28924 | WordPress ZenphotoPress plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28925 | WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28926 | WordPress Post Read Time plugin <= 1.2.6 - Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28927 | WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28928 | WordPress Are you robot google recaptcha for Wordpress plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28929 | WordPress Tabbed Login Widget plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28930 | WordPress List Mixcloud plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28931 | WordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28932 | WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28933 | WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28934 | WordPress Simple Post Series plugin <= 2.4.4 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28935 | WordPress Fancybox Plus plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28936 | WordPress Lunar plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28937 | WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28938 | WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability | | |
CVE-2025-28939 | WordPress WP Google Calendar Manager plugin <= 2.1 - SQL Injection vulnerability | | |
CVE-2025-28940 | WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28941 | WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28942 | WordPress Trust Payments Gateway for WooCommerce plugin <= 1.1.4 - SQL Injection vulnerability | | |
CVE-2025-28943 | WordPress DP ALTerminator - Missing ALT manager Plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28944 | WordPress Avaz <= 2.8 - Local File Inclusion Vulnerability | | |
CVE-2025-28945 | WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability | | |
CVE-2025-28946 | WordPress PrintXtore theme <= 1.7.5 - Local File Inclusion Vulnerability | | |
CVE-2025-28947 | WordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion Vulnerability | | |
CVE-2025-28948 | WordPress Mediabay - WordPress Media Library Folders plugin <= 1.4 - CSRF to Reflected XSS vulnerability | | |
CVE-2025-28950 | WordPress Post Author <= 1.1.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-28951 | WordPress Bulk Featured Image plugin <= 1.2.1 - Arbitrary File Upload Vulnerability | | |
CVE-2025-28952 | WordPress CubePoints <= 3.2.1 - Cross Site Request Forgery (CSRF) Vulnerability | | |
CVE-2025-28954 | WordPress Backwp plugin <= 2.0.2 - CSRF to Arbitrary File Deletion vulnerability | | |
CVE-2025-28956 | WordPress Backwp plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28957 | WordPress OwnerRez plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-28958 | WordPress Bg Orthodox Calendar plugin <= 0.13.10 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28960 | WordPress Evangelische Termine plugin <= 3.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-28963 | WordPress URL Shortener plugin <= 3.0.7 - Server Side Request Forgery (SSRF) Vulnerability | | |
CVE-2025-28964 | WordPress Personal Favicon plugin <= 2.0 - CSRF to Stored XSS vulnerability | | |
CVE-2025-28966 | WordPress Recent Posts Slider Responsive plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2025-28967 | WordPress Contact Us page - Contact people LITE plugin <= 3.7.4 - SQL Injection Vulnerability | | |
CVE-2025-28968 | WordPress WP Wall plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28969 | WordPress Gallery Widget plugin <= 1.2.1 - SQL Injection Vulnerability | | |
CVE-2025-28970 | WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability | | |
CVE-2025-28971 | WordPress Easy Elements Hider plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-28972 | WordPress WP Employee Attendance System <= 3.5 - SQL Injection Vulnerability | | |
CVE-2025-28974 | WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-28976 | WordPress Email Address Security by WebEmailProtector <= 3.3.6 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-28978 | WordPress SB Breadcrumbs plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2025-28980 | WordPress Aviation Weather from NOAA <= 0.7.2 - Arbitrary File Deletion Vulnerability | | |
CVE-2025-28981 | WordPress WP Mail Options plugin <= 0.2.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability | | |
CVE-2025-28983 | WordPress Click & Pledge Connect plugin <= 25.04010101-WP6.8 - Privilege Escalation via SQL Injection vulnerability | | |
CVE-2025-28984 | WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.3.7 - Cross Site Request Forgery to Notice Dismissal vulnerability | | |
CVE-2025-28985 | WordPress Elastic Email Subscribe Form <= 1.2.2 - Broken Access Control Vulnerability | | |
CVE-2025-28986 | WordPress Epicwin Plugin plugin <= 1.5 - CSRF to SQL Injection vulnerability | | |
CVE-2025-28988 | WordPress WP Front User Submit / Front Editor plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2025-28989 | WordPress Read More Login <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability | | |
CVE-2025-28990 | WordPress SNS Vicky theme <= 3.7 - Local File Inclusion Vulnerability | | |
CVE-2025-28991 | WordPress Evon <= 3.4 - Local File Inclusion Vulnerability | | |
CVE-2025-28992 | WordPress SNS Anton <= 4.1 - Local File Inclusion Vulnerability | | |
CVE-2025-28993 | WordPress Content No Cache plugin <= 0.1.3 - Arbitrary Function Call vulnerability | | |
CVE-2025-28994 | WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability | | |
CVE-2025-28995 | WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability | | |
CVE-2025-28996 | WordPress GPP Slideshow <= 1.3.5 - Broken Access Control Vulnerability | | |
CVE-2025-28997 | WordPress WP AutoKeyword <= 1.0 - Broken Access Control Vulnerability | | |
CVE-2025-28998 | WordPress SERPed.net plugin <= 4.6 - Local File Inclusion Vulnerability | | |