CVE-2025-31xxx

There are 762 CVEs in this subgroup.
| ID | Summary | Flags | Max Score |
| --- | --- | --- | --- |
| CVE-2025-31000 | WordPress Payment QR WooCommerce <= 1.1.6 - Broken Access Control Vulnerability | | |
| CVE-2025-31001 | WordPress GTM Kit plugin <= 2.3.1 - Sensitive Data Exposure vulnerability | | |
| CVE-2025-31002 | WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability | S | |
| CVE-2025-31003 | WordPress Squeeze plugin <= 1.6 - Full Path Disclosure (FPD) vulnerability | S | |
| CVE-2025-31004 | WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability | | |
| CVE-2025-31005 | WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability | | |
| CVE-2025-31006 | WordPress Activity Reactions For Buddypress plugin <= 1.0.22 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31008 | WordPress YouTube Embed <= 5.3.1 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-31009 | WordPress IndieBlocks <= 0.13.1 - Server Side Request Forgery (SSRF) Vulnerability | S | |
| CVE-2025-31010 | WordPress SimplyRETS Real Estate IDX plugin <= 3.0.3 - CSRF to Multiple Admin Actions vulnerability | | |
| CVE-2025-31011 | WordPress SimplyRETS Real Estate IDX plugin <= 3.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31012 | WordPress Age Gate <= 3.5.4 - Broken Access Control Vulnerability | S | |
| CVE-2025-31014 | WordPress Material Dashboard <= 1.4.5 - Local File Inclusion Vulnerability | S | |
| CVE-2025-31015 | WordPress WordPress SMTP Service, Email Delivery Solved! — MailHawk <= 1.3.1 - Local File Inclusion Vulnerability | | |
| CVE-2025-31016 | WordPress JetWooBuilder plugin <= 2.1.18 - Local File Inclusion vulnerability | S | |
| CVE-2025-31017 | WordPress Nav Menu Manager <= 3.2.5 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31018 | WordPress FireDrum Email Marketing plugin <= 1.64 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31019 | WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability | S | |
| CVE-2025-31020 | WordPress Simple Spoiler <= 1.4 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-31021 | WordPress Mobile Smart plugin <= v1.3.16 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31022 | WordPress PayU India plugin < 3.8.8 - Account Takeover vulnerability | S | |
| CVE-2025-31023 | WordPress Seo Meta Tags plugin <= 1.4 - CSRF to Privilege Escalation vulnerability | | |
| CVE-2025-31024 | WordPress RJ Quickcharts plugin <= 0.6.1 - SQL Injection vulnerability | | |
| CVE-2025-31025 | WordPress Image Hover Effects Block <= 1.4.5 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-31026 | WordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-31027 | WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31028 | WordPress WP Hide Categories <= 1.0 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-31030 | WordPress Ray Enterprise Translation <= 1.7.0 - Local File Inclusion Vulnerability | S | |
| CVE-2025-31031 | WordPress Job Colors for WP Job Manager plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31032 | WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability | | |
| CVE-2025-31033 | WordPress Buddypress Humanity plugin <= 1.2 - CSRF to Privilege Escalation vulnerability | | |
| CVE-2025-31034 | WordPress Customize Login Page plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | | |
| CVE-2025-31035 | WordPress WP Editor.md – The Perfect WordPress Markdown Editor <= 10.2.1 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-31036 | WordPress WPSolr plugin <= 24.0 - CSRF to Privilege Escalation vulnerability | | |
| CVE-2025-31037 | WordPress Homey theme <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31038 | WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Privilege Escalation vulnerability | | |
| CVE-2025-31039 | WordPress Category Icon plugin <= 1.0.2 - XML External Entity (XXE) vulnerability | | |
| CVE-2025-31040 | WordPress WP Food ordering and Restaurant Menu <= 1.1 - Local File Inclusion Vulnerability | | |
| CVE-2025-31041 | WordPress AnyTrack Affiliate Link Manager <= 1.0.4 - Broken Access Control Vulnerability | | |
| CVE-2025-31042 | WordPress Sandwich Adsense <= 4.0.2 - Broken Access Control Vulnerability | | |
| CVE-2025-31043 | WordPress JetSearch plugin <= 3.5.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31045 | WordPress elfsight Contact Form widget <= 2.3.1 - Sensitive Data Exposure Vulnerability | | |
| CVE-2025-31049 | WordPress Dash <= 1.3 - PHP Object Injection Vulnerability | | |
| CVE-2025-31050 | WordPress Apptha Slider Gallery plugin <= 2.5 - Arbitrary File Read vulnerability | | |
| CVE-2025-31052 | WordPress The Fashion - Model Agency One Page Beauty Theme <= 1.4.4 - Deserialization of untrusted data Vulnerability | | |
| CVE-2025-31053 | WordPress KBx Pro Ultimate < 8.0.5 - Arbitrary File Deletion Vulnerability | S | |
| CVE-2025-31056 | WordPress WhatsCart plugin <= 1.1.0 - SQL Injection vulnerability | | |
| CVE-2025-31057 | WordPress Universal Video Player plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31058 | WordPress Revolution Video Player plugin <= 2.9.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31059 | WordPress WBW Product Table PRO <= 2.1.3 - SQL Injection Vulnerability | | |
| CVE-2025-31060 | WordPress Capie <= 1.0.40 - Local File Inclusion Vulnerability | | |
| CVE-2025-31061 | WordPress Wishlist plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31062 | WordPress Wishlist <= 2.1.0 - Sensitive Data Exposure Vulnerability | | |
| CVE-2025-31063 | WordPress Wishlist <= 2.1.0 - Broken Access Control Vulnerability | | |
| CVE-2025-31064 | WordPress Vizeon - Business Consulting <= 1.1.7 - Local File Inclusion Vulnerability | | |
| CVE-2025-31065 | WordPress Rozario <= 1.4 - Broken Access Control Vulnerability | | |
| CVE-2025-31066 | WordPress Acerola <= 1.6.5 - Broken Access Control Vulnerability | | |
| CVE-2025-31067 | WordPress Seven Stars theme <= 1.4.4 - Cross Site Scripting (XSS) Vulnerability | | |
| CVE-2025-31068 | WordPress Seven Stars <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability | | |
| CVE-2025-31069 | WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability | | |
| CVE-2025-31071 | WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability | | |
| CVE-2025-31073 | WordPress Unlimited <= 1.45 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31074 | WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability | S | |
| CVE-2025-31075 | WordPress MicroPayments plugin <= 2.9.29 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31076 | WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability | S | |
| CVE-2025-31077 | WordPress Ultimate Blocks plugin <= 3.2.7 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31078 | WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.18 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31079 | WordPress Usermaven plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
| CVE-2025-31080 | WordPress HTML Forms plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31081 | WordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31082 | WordPress News & Blog Designer Pack plugin <= 4.0 - Local File Inclusion vulnerability | S | |
| CVE-2025-31083 | WordPress Leaky Paywall <= 4.21.7 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31084 | WordPress Sunshine Photo Cart <= 3.4.10 - PHP Object Injection Vulnerability | S | |
| CVE-2025-31085 | WordPress xili-language plugin <= 2.21.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31086 | WordPress Product Table by WBW plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31087 | WordPress Multiple Shipping And Billing Address For Woocommerce <= 1.5 - PHP Object Injection Vulnerability | S | |
| CVE-2025-31088 | WordPress Paid Member Subscriptions <= 2.14.3 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31089 | WordPress Order Splitter for WooCommerce <= 5.3.0 - SQL Injection Vulnerability | S | |
| CVE-2025-31090 | WordPress Dropdown Multisite selector < 0.9.4 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31091 | WordPress CM Header and Footer <= 1.2.4 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31092 | WordPress Click to Chat – WP Support All-in-One Floating Widget plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31093 | WordPress RPS Include Content <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31094 | WordPress WP Posts Carousel <= 1.3.8 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31095 | WordPress Material Dashboard <= 1.4.5 - Privilege Escalation Vulnerability | S | |
| CVE-2025-31096 | WordPress PostX <= 4.1.25 - Cross Site Scripting (XSS) Vulnerability | S | |
| CVE-2025-31097 | WordPress Material Dashboard <= 1.4.5 - Local File Inclusion Vulnerability | S | |
| CVE-2025-31098 | WordPress DeBounce Email Validator <= 5.7 - Local File Inclusion Vulnerability | S | |
| CVE-2025-31099 | WordPress Slider by BestWebSoft <= 1.1.0 - SQL Injection Vulnerability | S | |
| CVE-2025-31101 | WordPress VaultRE Contact Form 7 plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | | |
| CVE-2025-31102 | WordPress Hostel plugin <= 1.1.5.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
| CVE-2025-31103 | Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted re... | | |
| CVE-2025-31104 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulner... | S | |
| CVE-2025-31105 | Rejected reason: Not used... | R | |
| CVE-2025-31106 | Rejected reason: Not used... | R | |
| CVE-2025-31107 | Rejected reason: Not used... | R | |
| CVE-2025-31108 | Rejected reason: Not used... | R | |
| CVE-2025-31109 | Rejected reason: Not used... | R | |
| CVE-2025-31110 | Rejected reason: Not used... | R | |
| CVE-2025-31111 | Rejected reason: Not used... | R | |
| CVE-2025-31112 | Rejected reason: Not used... | R | |
| CVE-2025-31113 | Rejected reason: Not used... | R | |
| CVE-2025-31115 | XZ has a heap-use-after-free bug in threaded .xz decoder | | |
| CVE-2025-31116 | Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding | E S | |
| CVE-2025-31117 | OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability | E S | |
| CVE-2025-31118 | NamelessMC Has Forum Reply Submission Time Limit Bypass | E S | |
| CVE-2025-31119 | CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework | | |
| CVE-2025-31120 | NamelessMC Vulnerable to Cookie-Based View Count Manipulation | E S | |
| CVE-2025-31121 | OpenEMR allows XSS in Patient Image feature | E | |
| CVE-2025-31122 | scratch-coding-hut.github.io Login Links Generation vulnerability | | |
| CVE-2025-31123 | Zitadel Expired JWT Keys Usable for Authorization Grants | | |
| CVE-2025-31124 | Zitadel allows User Enumeration by loginname attribute normalization | | |
| CVE-2025-31125 | Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | E | |
| CVE-2025-31126 | Element X iOS allows the entity in control of the well-known file to break the confidentiality of embedded Element Call | | |
| CVE-2025-31127 | Element X Android allows the entity in control of the well-known file to break the confidentiality embedded Element Call | | |
| CVE-2025-31128 | gifplayer XSS vulnerability | | |
| CVE-2025-31129 | jooby-pac4j: deserialization of untrusted data | | |
| CVE-2025-31130 | gitoxide does not detect SHA-1 collision attacks | E | |
| CVE-2025-31131 | Path Traversal allowing arbitrary read of files in Yeswiki | E S | |
| CVE-2025-31132 | Raven allows Remote Code Execution due to improper validation | | |
| CVE-2025-31134 | FreshRSS vulnerable to directory enumeration via ext.php | E S | |
| CVE-2025-31135 | Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times | | |
| CVE-2025-31136 | FreshRSS vulnerable to Cross-site Scripting by | | |