CVE-2025-47xxx

There are 612 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2025-47000 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47002 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47003 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47004 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47005 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47006 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47007 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47008 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47010 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47011 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47012 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47013 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47014 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47015 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47016 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47017 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47019 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47020 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47021 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47022 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47025 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47026 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47027 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47029 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47030 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47031 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47032 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47033 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47034 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47035 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47036 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47037 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47038 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47039 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47040 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47041 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47042 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47044 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47045 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47047 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47048 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47049 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47050 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47051 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47052 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47055 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47056 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47057 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47060 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47062 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47063 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47065 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47066 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47067 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47068 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47069 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47070 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47071 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47072 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47073 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47074 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47075 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47076 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47077 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47078 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47079 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47080 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47081 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47082 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47083 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47084 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47085 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47086 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47087 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47088 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47089 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47090 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47091 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47092 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47093 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47094 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2025-47095 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represe...
R
CVE-2025-47096 Adobe Experience Manager | Improper Input Validation (CWE-20)
CVE-2025-47097 InCopy | Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2025-47098 InCopy | Access of Uninitialized Pointer (CWE-824)
CVE-2025-47099 InCopy | Heap-based Buffer Overflow (CWE-122)
CVE-2025-47102 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represe...
R
CVE-2025-47103 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
CVE-2025-47104 InDesign Desktop | Out-of-bounds Read (CWE-125)
CVE-2025-47105 InDesign Desktop | Out-of-bounds Read (CWE-125)
CVE-2025-47106 InDesign Desktop | Use After Free (CWE-416)
CVE-2025-47107 InCopy | Heap-based Buffer Overflow (CWE-122)
CVE-2025-47108 Substance3D - Painter | Out-of-bounds Write (CWE-787)
CVE-2025-47109 After Effects | NULL Pointer Dereference (CWE-476)
CVE-2025-47110 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47111 Acrobat Reader | NULL Pointer Dereference (CWE-476)
CVE-2025-47112 Acrobat Reader | Out-of-bounds Read (CWE-125)
CVE-2025-47113 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47114 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47115 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47116 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2025-47117 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2025-47119 Adobe Framemaker | NULL Pointer Dereference (CWE-476)
CVE-2025-47120 Adobe Framemaker | Stack-based Buffer Overflow (CWE-121)
CVE-2025-47121 Adobe Framemaker | Access of Uninitialized Pointer (CWE-824)
CVE-2025-47122 Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)
CVE-2025-47123 Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)
CVE-2025-47124 Adobe Framemaker | Out-of-bounds Write (CWE-787)
CVE-2025-47125 Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)
CVE-2025-47126 Adobe Framemaker | Out-of-bounds Write (CWE-787)
CVE-2025-47127 Adobe Framemaker | Out-of-bounds Write (CWE-787)
CVE-2025-47128 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2025-47129 Adobe Framemaker | Out-of-bounds Write (CWE-787)
CVE-2025-47130 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2025-47131 Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)
CVE-2025-47132 Adobe Framemaker | Out-of-bounds Write (CWE-787)
CVE-2025-47133 Adobe Framemaker | Out-of-bounds Write (CWE-787)
CVE-2025-47134 InDesign Desktop | Heap-based Buffer Overflow (CWE-122)
CVE-2025-47135 Dimension | Out-of-bounds Read (CWE-125)
CVE-2025-47136 InDesign Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2025-47149 The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file...
CVE-2025-47153 Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary pack...
CVE-2025-47154 LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references...
E
CVE-2025-47159 Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability
CVE-2025-47160 Windows Shortcut Files Security Feature Bypass Vulnerability
CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVE-2025-47162 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47163 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47164 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47165 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-47166 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47167 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47168 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47169 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47170 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47171 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-47172 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47173 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47174 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-47175 Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-47176 Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-47178 Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2025-47181 Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
CVE-2025-47182 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2025-47201 In Intrexx Portal Server before 12.0.4, multiple Velocity-Scripts are susceptible to the execution o...
CVE-2025-47202 In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, ...
CVE-2025-47203 dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument,...
CVE-2025-47204 An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PH...
S
CVE-2025-47226 Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information....
E S
CVE-2025-47227 In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrat...
E
CVE-2025-47228 In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection...
E
CVE-2025-47229 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a denial of service (var_set_leav...
CVE-2025-47240 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2025-47241 In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because...
CVE-2025-47244 Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C...
CVE-2025-47245 In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a p...
CVE-2025-47256 Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via ...
CVE-2025-47268 ping in iputils through 20240905 allows a denial of service (application error or incorrect data col...
E S
CVE-2025-47269 code-server session cookie can be extracted by having user visit specially crafted proxy URL
CVE-2025-47270 nimiq-network-libp2p Uncontrolled Resource Consumption vulnerability
CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability
CVE-2025-47272 PhoenixCart Vulnerable to Account Deletion Without Password Confirmation
CVE-2025-47273 setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
E S
CVE-2025-47274 ToolHive stores secrets in the state store with no encryption
CVE-2025-47275 Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK
CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i
CVE-2025-47277 vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
CVE-2025-47278 Flask uses fallback key instead of current signing key
CVE-2025-47279 undici Denial of Service attack via bad certificate data
CVE-2025-47280 Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow
E
CVE-2025-47282 Malicious google credential in DNS secret can lead to privilege escalation
CVE-2025-47283 Bypassing project secret validation can lead to privilege escalation
CVE-2025-47284 Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation
CVE-2025-47285 Vyper's `concat()` builtin may elide side-effects for zero-length arguments
CVE-2025-47287 Tornado vulnerable to excessive logging caused by malformed multipart form data
CVE-2025-47288 Discourse Policy plugin private group members visible
CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag
E
CVE-2025-47290 Containerd vulnerable to host filesystem access during image unpack
CVE-2025-47291 containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
CVE-2025-47292 Cap Collectif vulnerable to insecure deserialization leading to remote code execution
CVE-2025-47293 PowSyBl Core XML Reader allows XXE and SSRF
CVE-2025-47294 An integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 th...
S
CVE-2025-47295 A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, a...
S
CVE-2025-47296 Rejected reason: Not used...
R
CVE-2025-47297 Rejected reason: Not used...
R
CVE-2025-47298 Rejected reason: Not used...
R
CVE-2025-47299 Rejected reason: Not used...
R
CVE-2025-47300 Rejected reason: Not used...
R
CVE-2025-47301 Rejected reason: Not used...
R
CVE-2025-47302 Rejected reason: Not used...
R
CVE-2025-47303 Rejected reason: Not used...
R
CVE-2025-47417 Enable Debug Images
S
CVE-2025-47418 Recording
S
CVE-2025-47419 Non-Secure Access
S
CVE-2025-47420 User Permissions on Network API
S
CVE-2025-47422 Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vu...
CVE-2025-47423 Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary ...
CVE-2025-47424 Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment v...
CVE-2025-47436 Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
CVE-2025-47438 WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability
S
CVE-2025-47439 WordPress Download Monitor <= 5.0.22 - Local File Inclusion Vulnerability
S
CVE-2025-47440 WordPress WPAdverts <= 2.2.2 - Local File Inclusion Vulnerability
S
CVE-2025-47441 WordPress Progress Bar <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47442 WordPress CC BMI Calculator <= 2.1.0 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47443 WordPress Widget Countdown <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47445 WordPress Eventin <= 4.0.26 - Arbitrary File Download Vulnerability
S
CVE-2025-47446 WordPress Listamester <= 2.3.6 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47447 WordPress Cool Author Box <= 3.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47448 WordPress WP Hotel Booking <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47449 WordPress Meow Gallery <= 5.2.7 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47450 WordPress Simple File List <= 6.1.13 - Settings Change Vulnerability
S
CVE-2025-47451 WordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
S
CVE-2025-47452 WordPress WP VR <= 8.5.26 - Arbitrary File Upload Vulnerability
S
CVE-2025-47453 WordPress WP Smart Import <= 1.1.3 - Local File Inclusion Vulnerability
S
CVE-2025-47454 WordPress WP Gravity Forms Dynamics CRM <= 1.1.4 - Open Redirection Vulnerability
S
CVE-2025-47455 WordPress Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirection Vulnerability
S
CVE-2025-47456 WordPress WP Gravity Forms Zendesk <= 1.1.2 - Open Redirection Vulnerability
S
CVE-2025-47457 WordPress LocateAndFilter <= 1.6.16 - Broken Access Control Vulnerability
S
CVE-2025-47458 WordPress B2i Investor Tools plugin <= 1.0.7.9 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-47459 WordPress WP Fundraising Donation and Crowdfunding Platform <= 1.7.3 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47460 WordPress TrackShip for WooCommerce <= 1.9.1 - SQL Injection Vulnerability
S
CVE-2025-47461 WordPress Subaccounts for WooCommerce plugin <= 1.6.6 - Account Takeover vulnerability
S
CVE-2025-47462 WordPress Challan plugin <= 3.7.58 - CSRF to Privilege Escalation vulnerability
S
CVE-2025-47463 WordPress Stock Locations for WooCommerce <= 2.8.6 - Broken Access Control Vulnerability
S
CVE-2025-47464 WordPress Solace Extra <= 1.3.1 - Server Side Request Forgery (SSRF) Vulnerability
S
CVE-2025-47465 WordPress Blocksy <= 2.0.97 - Broken Access Control Vulnerability
S
CVE-2025-47466 WordPress Ultimate WP Mail <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47467 WordPress GS Testimonial Slider <= 3.3.0 - Broken Access Control Vulnerability
S
CVE-2025-47468 WordPress Hash Form <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47469 WordPress Media Hygiene <= 4.0.0 - Broken Access Control Vulnerability
S
CVE-2025-47470 WordPress GPT3 AI Content Writer plugin <= 1.9.14 - Cross Site Request Forgery (CSRF) to Prompt Generation vulnerability
S
CVE-2025-47471 WordPress Envo Extra <= 1.9.9 - Broken Access Control Vulnerability
S
CVE-2025-47472 WordPress Music Player for WooCommerce <= 1.5.1 - Broken Access Control Vulnerability
S
CVE-2025-47473 WordPress PW WooCommerce Bulk Edit <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47475 WordPress JupiterX Core <= 4.8.11 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47476 WordPress Cost Calculator for Elementor <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47477 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.23 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2025-47478 WordPress ProfileGrid <= 5.9.5.0 - SQL Injection Vulnerability
S
CVE-2025-47479 WordPress WP Compress <= 6.30.30 - Broken Authentication Vulnerability
S
CVE-2025-47480 WordPress Graphina <= 3.0.4 - Broken Access Control Vulnerability
S
CVE-2025-47481 WordPress GS Testimonial Slider plugin <= 3.2.9 - Content Injection vulnerability
S
CVE-2025-47482 WordPress SKT Skill Bar <= 2.4 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47483 WordPress Easy Replace Image <= 3.5.0 - Server Side Request Forgery (SSRF) Vulnerability
S
CVE-2025-47484 WordPress Display Remote Posts Block <= 1.1.0 - Server Side Request Forgery (SSRF) Vulnerability
S
CVE-2025-47485 WordPress Cozy Blocks <= 2.1.22 - Broken Access Control Vulnerability
S
CVE-2025-47486 WordPress Gutenberg & Elementor Templates Importer For Responsive <= 3.1.9 - Broken Access Control Vulnerability
S
CVE-2025-47487 WordPress MC Woocommerce Wishlist <= 1.9.1 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47488 WordPress Bold Page Builder <= 5.3.2 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47489 WordPress Beds24 Online Booking <= 2.0.29 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47490 WordPress Ultimate WP Mail <= 1.3.4 - SQL Injection Vulnerability
S
CVE-2025-47491 WordPress Contact Form Widget <= 1.4.6 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47492 WordPress Drag and Drop File Upload for Elementor Forms <= 1.4.3 - Arbitrary File Deletion Vulnerability
S
CVE-2025-47493 WordPress Ultimate Blocks <= 3.2.9 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47494 WordPress EventON <= 2.4.1 - Local File Inclusion Vulnerability
S
CVE-2025-47495 WordPress Blockspare <= 3.2.9 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47496 WordPress PublishPress Authors <= 4.7.5 - Local File Inclusion Vulnerability
S
CVE-2025-47497 WordPress Logo Showcase <= 3.0.4 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47498 WordPress Hotel Booking <= 3.6 - Local File Inclusion Vulnerability
S
CVE-2025-47499 WordPress Simple Blog Stats <= 20250416 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47501 WordPress Content Control <= 2.6.1 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47502 WordPress Mollie Forms <= 2.7.12 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47503 WordPress NGG Smart Image Search <= 3.3.3 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47504 WordPress Custom Checkout Fields for WooCommerce <= 1.8.3 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47505 WordPress Product Time Countdown for WooCommerce <= 1.6.2 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47506 WordPress Contextual Related Posts <= 4.0.2 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47507 WordPress Better Search <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47508 WordPress GamiPress <= 7.3.7 - Local File Inclusion Vulnerability
S
CVE-2025-47509 WordPress Top 10 <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47510 WordPress Display Eventbrite Events < 6.3 - Local File Inclusion Vulnerability
S
CVE-2025-47511 WordPress Welcart e-Commerce <= 2.11.13 - Arbitrary File Deletion Vulnerability
S
CVE-2025-47512 WordPress Tainacan plugin <= 0.21.14 - Arbitrary File Deletion vulnerability
S
CVE-2025-47513 WordPress Infocob CRM Forms plugin <= 2.4.0 - Arbitrary File Download vulnerability
S
CVE-2025-47514 WordPress ELI's Related Posts Footer Links and Widget plugin <= 1.2.04.20 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
S
CVE-2025-47515 WordPress WP DPE-GES <= 1.6 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47516 WordPress Time Clock <= 1.2.3 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47517 WordPress Accept Donations with PayPal plugin <= 1.4.5 - CSRF to Stored XSS vulnerability
S
CVE-2025-47518 WordPress Contact Form 7 – PayPal & Stripe Add-on <= 2.3.4 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47519 WordPress Easy PayPal Events <= 1.2.2 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47520 WordPress Charitable <= 1.8.5.1 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47521 WordPress Robo Gallery <= 5.0.2 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47522 WordPress AWEOS WP Lock <= 1.4.8 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47523 WordPress Seznam Webmaster <= 1.4.7 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47524 WordPress Quran multilanguage Text & Audio <= 2.3.23 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47525 WordPress Bold Page Builder <= 5.3.0 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47526 WordPress GS Variation Swatches for WooCommerce <= 3.0.4 - Broken Access Control Vulnerability
S
CVE-2025-47527 WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerability
S
CVE-2025-47528 WordPress Ovation Elements <= 1.1.2 - Broken Access Control Vulnerability
S
CVE-2025-47529 WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability
S
CVE-2025-47530 WordPress WPFunnels <= 3.5.18 - PHP Object Injection Vulnerability
S
CVE-2025-47531 WordPress XT Event Widget for Social Events <= 1.1.7 - Local File Inclusion Vulnerability
S
CVE-2025-47532 WordPress CoinPayments.net Payment Gateway for WooCommerce <= 1.0.17 - PHP Object Injection Vulnerability
S
CVE-2025-47533 WordPress Graphina plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) to Local File Inclusion vulnerability
S
CVE-2025-47534 WordPress Wordpress Auto Spinner <= 3.25.0 - Broken Access Control Vulnerability
CVE-2025-47535 WordPress Opal Woo Custom Product Variation <= 1.2.0 - Arbitrary File Deletion Vulnerability
S
CVE-2025-47537 WordPress PDF Invoices for WooCommerce + Drag and Drop Template Builder <= 5.3.8 - SQL Injection Vulnerability
S
CVE-2025-47538 WordPress Cart tracking for WooCommerce <= 1.0.17 - SQL Injection Vulnerability
S
CVE-2025-47539 WordPress Eventin <= 4.0.26 - Privilege Escalation Vulnerability
S
CVE-2025-47540 WordPress weMail <= 1.14.13 - Sensitive Data Exposure Vulnerability
S
CVE-2025-47541 WordPress Mail Mint <= 1.17.7 - Sensitive Data Exposure Vulnerability
S
CVE-2025-47542 WordPress Simple calendar for Elementor <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47543 WordPress TrueBooker <= 1.0.7 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47544 WordPress Dynamic Pricing With Discount Rules for WooCommerce <= 4.5.8 - SQL Injection Vulnerability
S
CVE-2025-47545 WordPress Poll Maker <= 5.7.7 - Race Condition Vulnerability
S
CVE-2025-47546 WordPress WP Compress <= 6.30.30 - Cross Site Request Forgery (CSRF) Vulnerability
S
CVE-2025-47547 WordPress SendPulse Email Marketing Newsletter <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability
S
CVE-2025-47548 WordPress Wbcom Designs - Activity Link Preview For BuddyPress <= 1.4.4 - Server Side Request Forgery (SSRF) Vulnerability
S
CVE-2025-47549 WordPress BEAF <= 4.6.10 - Arbitrary File Upload Vulnerability
E S
CVE-2025-47550 WordPress Instantio <= 3.3.16 - Arbitrary File Upload Vulnerability
E S
CVE-2025-47551 WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
S
CVE-2025-47556 WordPress CSS3 Compare Pricing Tables for WordPress <= 11.5 - Broken Access Control Vulnerability
CVE-2025-47557 WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability
CVE-2025-47558 WordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerability
S
CVE-2025-47559 WordPress MapSVG plugin <= 8.5.32 - Arbitrary File Upload vulnerability
CVE-2025-47560 WordPress MapSVG plugin < 8.6.13 - Broken Access Control Vulnerability
S
CVE-2025-47561 WordPress MapSVG plugin < 8.6.13 - Privilege Escalation Vulnerability
S
CVE-2025-47562 WordPress MapSVG <= 8.5.34 - Content Injection Vulnerability
CVE-2025-47563 WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability
CVE-2025-47564 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability
CVE-2025-47565 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability
CVE-2025-47567 WordPress Video Player & FullScreen Video Background plugin <= 2.4.1 - SQL Injection vulnerability
CVE-2025-47568 WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability
CVE-2025-47572 WordPress School Management <= 93.0.0 - Local File Inclusion Vulnerability
CVE-2025-47573 WordPress School Management System Plugin <= 92.0.0 - SQL Injection vulnerability
CVE-2025-47574 WordPress School Management System Plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47575 WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability
CVE-2025-47576 WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerability
CVE-2025-47577 WordPress TI WooCommerce Wishlist < 2.10.0 - Arbitrary File Upload Vulnerability
S
CVE-2025-47578 WordPress BNS Twitter Follow Button plugin <= 0.3.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-47580 WordPress Front End Users plugin <= 3.2.32 - Sensitive Data Exposure vulnerability
CVE-2025-47581 WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability
CVE-2025-47582 WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability
CVE-2025-47583 WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability
CVE-2025-47584 WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability
CVE-2025-47585 WordPress Booking and Rental Manager <= 2.3.8 - Broken Access Control Vulnerability
S
CVE-2025-47586 WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability
CVE-2025-47587 WordPress YaySMTP <= 2.6.4 - SQL Injection Vulnerability
CVE-2025-47589 WordPress Ebook Store <= 5.8007 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47590 WordPress WPSpeed <= 2.6.5 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47591 WordPress Bulk Featured Image <= 1.2.1 - Broken Access Control Vulnerability
CVE-2025-47592 WordPress Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47593 WordPress Really Simple Under Construction Page <= 1.4.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47594 WordPress Soccer Live Scores <= 1.0.5 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47595 WordPress Color Your Bar <= 2.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47596 WordPress Beacon Lead Magnets and Lead Capture <= 1.5.8 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47597 WordPress WP Podcasts Manager <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47598 WordPress History Log by click5 <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47599 WordPress Facturante <= 1.11 - SQL Injection Vulnerability
CVE-2025-47601 WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2025-47602 WordPress Calculate Prices based on Distance For WooCommerce <= 1.3.5 - Broken Access Control Vulnerability
CVE-2025-47603 WordPress belingoGeo <= 1.12.0 - Arbitrary File Download Vulnerability
CVE-2025-47604 WordPress Inline Related Posts <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47605 WordPress WP jQuery DataTable <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47606 WordPress Simple Giveaways <= 2.48.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47607 WordPress Show All Comments <= 7.0.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47608 WordPress Recover abandoned cart for WooCommerce <= 2.5 - SQL Injection Vulnerability
CVE-2025-47609 WordPress EasyMe Connect <= 3.0.3 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47611 WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47612 WordPress ClickWhale <= 2.4.6 - Broken Access Control Vulnerability
CVE-2025-47613 WordPress School Management System for Wordpress plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47614 WordPress LessButtons Social Sharing and Statistics plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
CVE-2025-47615 WordPress Amazon Product in a Post <= 5.2.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47616 WordPress aBlocks <= 1.9.2 - Cross Site Scripting (XSS) Vulnerability [S]
CVE-2025-47617 WordPress WP Front User Submit / Front Editor <= 4.9.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47618 WordPress BMI Adult & Kid Calculator plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47619 WordPress 6Storage Rentals <= 2.19.4 - Broken Access Control Vulnerability
CVE-2025-47620 WordPress Martins Free Monetized Ad Exchange Network plugin <= 1.0.5 - CSRF to XSS vulnerability
CVE-2025-47621 WordPress Meks Flexible Shortcodes <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47622 WordPress Email Notification on Login <= 1.6.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47623 WordPress Easy PayPal Buy Now Button <= 2.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47624 WordPress DoFollow Case by Case <= 3.5.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47625 WordPress DoFollow Case by Case <= 3.5.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47626 WordPress Submission DOM tracking for Contact Form 7 <= 2.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47627 WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability
CVE-2025-47628 WordPress QS Dark Mode <= 3.0 - Broken Access Control Vulnerability
CVE-2025-47629 WordPress WP-CRM System <= 3.4.1 - PHP Object Injection Vulnerability
CVE-2025-47630 WordPress Ajax Load More <= 7.3.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47631 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability
CVE-2025-47632 WordPress Awesome Gallery <= 1.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47633 WordPress Awin – Advertiser Tracking for WooCommerce plugin <= 2.0.0 - CSRF to Product Feed Regeneration vulnerability
CVE-2025-47634 WordPress WC Pickup Store <= 1.8.9 - Settings Change Vulnerability
CVE-2025-47635 WordPress WebinarPress <= 1.33.27 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-47636 WordPress List category posts <= 0.90.3 - Local File Inclusion Vulnerability
CVE-2025-47637 WordPress STAGGS <= 2.11.0 - Arbitrary File Upload Vulnerability [S]
CVE-2025-47638 WordPress WP Discord Invite <= 2.5.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47639 WordPress Supertext Translation and Proofreading plugin <= 4.25 - CSRF to Stored XSS vulnerability
CVE-2025-47640 WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - SQL Injection Vulnerability
CVE-2025-47641 WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability
CVE-2025-47642 WordPress Ajar in5 Embed <= 3.1.5 - Arbitrary File Upload Vulnerability
CVE-2025-47643 WordPress ELEX Product Feed for WooCommerce <= 3.1.2 - SQL Injection Vulnerability
CVE-2025-47644 WordPress Integrations of Zoho CRM with Elementor form <= 1.0.7 - Open Redirection Vulnerability
CVE-2025-47646 WordPress PSW Front-end Login & Registration <= 1.13 - Broken Authentication Vulnerability
CVE-2025-47647 WordPress Sidebar Manager Light <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47648 WordPress Pays – WooCommerce Payment Gateway <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47649 WordPress Open Close WooCommerce Store <= 4.9.5 - Local File Inclusion Vulnerability
CVE-2025-47651 WordPress Infility Global <= 2.12.4 - SQL Injection Vulnerability
CVE-2025-47653 WordPress WP-Recall <= 16.26.14 - Local File Inclusion Vulnerability
CVE-2025-47654 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47655 WordPress theMarketer plugin <= 1.4.7 - CSRF to Stored XSS vulnerability
CVE-2025-47656 WordPress Spiraclethemes Site Library <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47657 WordPress Productive Commerce <= 1.1.22 - SQL Injection Vulnerability
CVE-2025-47658 WordPress ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.7 - Arbitrary File Upload Vulnerability
CVE-2025-47659 WordPress WPBakery Visual Composer WHMCS Elements <= 1.0.4.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47660 WordPress WC Affiliate <= 2.9.1 - PHP Object Injection Vulnerability
CVE-2025-47661 WordPress 워드프레스 결제 심플페이 <= 5.2.11 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47662 WordPress Woobox <= 1.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47663 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
CVE-2025-47664 WordPress WP Pipes <= 1.4.2 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-47665 WordPress N360 | Splash Screen <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47667 WordPress LiveAgent <= 4.4.7 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47668 WordPress CookieCode <= 2.4.4 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47669 WordPress CBX Map for Google Map & OpenStreetMap <= 1.1.12 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47670 WordPress WordPress Social Login and Register <= 7.6.10 - Local File Inclusion Vulnerability
CVE-2025-47671 WordPress Binary MLM Plan <= 3.0 - SQL Injection Vulnerability
CVE-2025-47672 WordPress miniOrange Discord Integration <= 2.2.2 - Local File Inclusion Vulnerability
CVE-2025-47673 WordPress Arconix Shortcodes plugin <= 2.1.16 - Reflected Cross Site Scripting (XSS) vulnerability [S]
CVE-2025-47674 WordPress Credova_Financial <= 2.5.0 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47675 WordPress Woobox <= 1.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47676 WordPress User Login History <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47677 WordPress Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.25 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47678 WordPress FunnelCockpit plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47679 WordPress RS WP Book Showcase <= 6.7.40 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47680 WordPress xili-tidy-tags plugin <= 1.12.06 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-47681 WordPress Web Accessibility with Max Access <= 2.0.9 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47682 WordPress SMS Alert Order Notifications – WooCommerce <= 3.8.2 - SQL Injection Vulnerability
CVE-2025-47683 WordPress WP Maintenance <= 6.1.9.7 - PHP Object Injection Vulnerability
CVE-2025-47684 WordPress Smaily for WP <= 3.1.6 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-47685 WordPress Contribuinte Checkout plugin <= 2.0.02 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-47686 WordPress DELUCKS SEO <= 2.5.9 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-47687 WordPress StoreKeeper for WooCommerce <= 14.4.4 - Arbitrary File Upload Vulnerability
CVE-2025-47688 WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability
CVE-2025-47690 WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2025-47691 WordPress Ultimate Member plugin <= 2.10.3 - Arbitrary Function Call vulnerability
CVE-2025-47692 WordPress ContentStudio <= 1.3.3 - Broken Access Control Vulnerability
CVE-2025-47693 WordPress Fat Services Booking plugin <= 5.5 - Local File Inclusion vulnerability
CVE-2025-47697 Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, ...
CVE-2025-47701 Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
CVE-2025-47702 oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048
CVE-2025-47703 COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-049
CVE-2025-47704 Klaro Cookie & Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-050
CVE-2025-47705 IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051
CVE-2025-47706 Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052
CVE-2025-47707 Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053
CVE-2025-47708 Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
CVE-2025-47709 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055
CVE-2025-47710 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056
CVE-2025-47711 Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
CVE-2025-47712 Nbd: nbdkit: integer overflow triggers an assertion resulting in denial of service
CVE-2025-47713 Apache CloudStack: Domain Admin can reset Admin password in Root Domain
CVE-2025-47724 Out-of-bounds Write in CNCSoft
CVE-2025-47725 Out-of-bounds Write in CNCSoft
CVE-2025-47726 Out-of-bounds Write in CNCSoft
CVE-2025-47727 Out-of-bounds Write in CNCSoft
CVE-2025-47728 File Parsing Memory Corruption in CNCSoft-G2
CVE-2025-47729 The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL... [KEV]
CVE-2025-47730 The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication...
CVE-2025-47732 Microsoft Dataverse Remote Code Execution Vulnerability
CVE-2025-47733 Microsoft Power Apps Information Disclosure Vulnerability
CVE-2025-47735 inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronizati... [E]
CVE-2025-47736 dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash i... [E]
CVE-2025-47737 lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.... [E]
CVE-2025-47748 Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded passwor...
CVE-2025-47749 V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditD...
CVE-2025-47750 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6MemInIF!set_temp_type_de...
CVE-2025-47751 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCh...
CVE-2025-47752 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6ComFile!MakeItemGlidZahy...
CVE-2025-47753 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CDrawSLine::GetR...
CVE-2025-47754 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!Conv_Macro_Data ...
CVE-2025-47755 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile ...
CVE-2025-47756 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::s...
CVE-2025-47757 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!set_plc_type_...
CVE-2025-47758 V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile:...
CVE-2025-47759 V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6ComFile!CV7BaseM...
CVE-2025-47760 V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6MemInIF!set_temp...
CVE-2025-47762 Rejected reason: Not used... [R]
CVE-2025-47763 Rejected reason: Not used... [R]
CVE-2025-47764 Rejected reason: Not used... [R]
CVE-2025-47765 Rejected reason: Not used... [R]
CVE-2025-47766 Rejected reason: Not used... [R]
CVE-2025-47767 Rejected reason: Not used... [R]
CVE-2025-47768 Rejected reason: Not used... [R]
CVE-2025-47769 Rejected reason: Not used... [R]
CVE-2025-47770 Rejected reason: Not used... [R]
CVE-2025-47771 PowSyBl Core allows deserialization of untrusted SparseMatrix data
CVE-2025-47774 Vyper's `slice()` may elide side-effects when output length is 0
CVE-2025-47775 Bullfrog's DNS over TCP bypasses domain filtering [E S]
CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)
CVE-2025-47778 Sulu vulnerable to XXE in SVG File upload Inspector
CVE-2025-47779 Using malformed From header can forge identity with ";" or NULL in name portion
CVE-2025-47780 cli_permissions.conf: deny option does not work for disallowing shell commands
CVE-2025-47781 Rallly Insufficient Password Login Token Entropy Leads to Account Takeover [E]
CVE-2025-47782 motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution [E]
CVE-2025-47783 label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter.
CVE-2025-47784 Emlog vulnerable to Deserialization of Untrusted Data
CVE-2025-47785 EMLOG SQL Injection Vulnerability [E]
CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting [E]
CVE-2025-47787 Emlog Pro Contains a File Upload Vulnerability [E S]
CVE-2025-47788 Missing Path Validation Enables Path Traversal in Controller.php [E]
CVE-2025-47789 Horilla Open Redirect Vulnerability in Login
CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout
CVE-2025-47791 Nextcloud Server's test remote endpoint is not rate limited
CVE-2025-47792 Nextcloud Desktop 3rdparty applications can create share links via socket API
CVE-2025-47793 Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file
CVE-2025-47794 Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission
CVE-2025-47809 Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (be...
CVE-2025-47811 In Wing FTP Server through 7.4.4, the administrative web interface (listening by default on port 546...
CVE-2025-47812 In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately ...
CVE-2025-47813 loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the appli... [E]
CVE-2025-47814 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in i... [E]
CVE-2025-47815 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in i... [E]
CVE-2025-47816 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_... [E]
CVE-2025-47817 In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parame...
CVE-2025-47818 Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection....
CVE-2025-47819 Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper acce...
CVE-2025-47820 Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code....
CVE-2025-47821 Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system....
CVE-2025-47822 Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug inte...
CVE-2025-47823 Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password ...
CVE-2025-47824 Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of ...
CVE-2025-47827 In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly ve... [E]
CVE-2025-47828 Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings....
CVE-2025-47849 Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain
CVE-2025-47850 In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cl...
CVE-2025-47851 In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible...
CVE-2025-47852 In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible...
CVE-2025-47853 In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible...
CVE-2025-47854 In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page...
CVE-2025-47858 Rejected reason: Not used... [R]
CVE-2025-47859 Rejected reason: Not used... [R]
CVE-2025-47860 Rejected reason: Not used... [R]
CVE-2025-47861 Rejected reason: Not used... [R]
CVE-2025-47862 Rejected reason: Not used... [R]
CVE-2025-47863 Rejected reason: Not used... [R]
CVE-2025-47864 Rejected reason: Not used... [R]
CVE-2025-47865 A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 cou...
CVE-2025-47866 An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.695...
CVE-2025-47867 A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955...
CVE-2025-47868 Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. [S]
CVE-2025-47869 Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. [S]
CVE-2025-47871 Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API [S]
CVE-2025-47884 In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID To...
CVE-2025-47885 Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses ...
CVE-2025-47886 A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25...
CVE-2025-47887 Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier ...
CVE-2025-47888 Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname ...
CVE-2025-47889 In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation ...
CVE-2025-47891 Rejected reason: Not used... [R]
CVE-2025-47892 Rejected reason: Not used... [R]
CVE-2025-47893 Rejected reason: Not used... [R]
CVE-2025-47894 Rejected reason: Not used... [R]
CVE-2025-47895 Rejected reason: Not used... [R]
CVE-2025-47896 Rejected reason: Not used... [R]
CVE-2025-47897 Rejected reason: Not used... [R]
CVE-2025-47898 Rejected reason: Not used... [R]
CVE-2025-47899 Rejected reason: Not used... [R]
CVE-2025-47905 Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow clie...
CVE-2025-47916 Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to t... [E]
CVE-2025-47928 Spotipy repo vulnerable to secrets exfiltration via `pull_request_target`
CVE-2025-47929 DumbDrop vulnerable to DOM XSS via file upload
CVE-2025-47930 Zulip Server has access control bypass for restrictions on creation of specific channel types
CVE-2025-47931 LibreNMS stored Cross-site Scripting vulnerability in poller group name [E S]
CVE-2025-47933 Argo CD allows cross-site scripting on repositories page
CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed
CVE-2025-47935 Multer vulnerable to Denial of Service via memory leaks from unclosed streams
CVE-2025-47936 TYPO3 Vulnerable to Server Side Request Forgery via Webhooks
CVE-2025-47937 TYPO3 Vulnerable to Information Disclosure via DBAL Restriction Handling
CVE-2025-47938 TYPO3 Vulnerable to Unverified Password Change for Backend Users
CVE-2025-47939 TYPO3 CMS Vulnerable to Unrestricted File Upload in File Abstraction Layer
CVE-2025-47940 TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer
CVE-2025-47941 TYPO3 Has Broken Authentication in Backend MFA
CVE-2025-47942 Learners on edX Platform can download python_lib.zip
CVE-2025-47943 Gogs stored XSS in PDF renderer [E]
CVE-2025-47944 Multer vulnerable to Denial of Service from maliciously crafted requests
CVE-2025-47945 Donetick Has Weak Default JWT Secret [E S]
CVE-2025-47946 symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes
CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability [E S]
CVE-2025-47948 Cocotais Bot has builtin .echo command injection [E]
CVE-2025-47949 samlify SAML Signature Wrapping attack
CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification
CVE-2025-47951 Weblate lacks rate limiting when verifying second factor
CVE-2025-47952 Traefik allows path traversal using url encoding
CVE-2025-47953 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47955 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2025-47956 Windows Security App Spoofing Vulnerability
CVE-2025-47957 Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47959 Visual Studio Remote Code Execution Vulnerability
CVE-2025-47962 Windows SDK Elevation of Privilege Vulnerability
CVE-2025-47963 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-47964 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-47966 Power Automate Elevation of Privilege Vulnerability
CVE-2025-47968 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-47969 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
CVE-2025-47971 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-47972 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2025-47973 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
CVE-2025-47975 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-47976 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-47977 Nuance Digital Engagement Platform Spoofing Vulnerability
CVE-2025-47978 Windows Kerberos Denial of Service Vulnerability
CVE-2025-47980 Windows Imaging Component Information Disclosure Vulnerability
CVE-2025-47981 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2025-47982 Windows Storage VSP Driver Elevation of Privilege Vulnerability
CVE-2025-47984 Windows GDI Information Disclosure Vulnerability
CVE-2025-47985 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2025-47986 Universal Print Management Service Elevation of Privilege Vulnerability
CVE-2025-47987 Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
CVE-2025-47988 Azure Monitor Agent Remote Code Execution Vulnerability
CVE-2025-47991 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability
CVE-2025-47993 Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2025-47994 Microsoft Office Elevation of Privilege Vulnerability
CVE-2025-47996 Windows MBT Transport Driver Elevation of Privilege Vulnerability
CVE-2025-47998 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-47999 Windows Hyper-V Denial of Service Vulnerability
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.