Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 251985 entries
IDDescriptionPriorityModified date
CVE-2025-23818 Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS.This issue affects More Link Modifier: from n/a through 1.0.3. -- Jan 16, 2025
CVE-2025-23817 Cross-Site Request Forgery (CSRF) vulnerability in Mahadir Ahmad MHR-Custom-Anti-Copy allows Stored XSS.This issue affects MHR-Custom-Anti-Copy: from n/a through 2.0. -- Jan 16, 2025
CVE-2025-23816 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4. -- Jan 16, 2025
CVE-2025-23815 Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6. -- Jan 16, 2025
CVE-2025-23812 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows Reflected XSS. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1. -- Jan 22, 2025
CVE-2025-23811 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound WP2APP allows Reflected XSS. This issue affects WP2APP: from n/a through 2.6.2. -- Jan 22, 2025
CVE-2025-23810 Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider allows Reflected XSS.This issue affects Len Slider: from n/a through 2.0.11. -- Jan 16, 2025
CVE-2025-23809 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Blue Wrench Video Widget allows Reflected XSS. This issue affects Blue Wrench Video Widget: from n/a through 2.1.0. -- Jan 22, 2025
CVE-2025-23808 Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS.This issue affects Custom List Table Example: from n/a through 1.4.1. -- Jan 16, 2025
CVE-2025-23807 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jimmy Hu Spiderpowa Embed PDF allows Stored XSS.This issue affects Spiderpowa Embed PDF: from n/a through 1.0. -- Jan 16, 2025
CVE-2025-23806 Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe allows Reflected XSS. This issue affects Ultimate Subscribe: from n/a through 1.3. -- Jan 22, 2025
CVE-2025-23805 Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through 1.3.15. -- Jan 16, 2025
CVE-2025-23804 Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through 2.6.0. -- Jan 16, 2025
CVE-2025-23803 Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue affects Snippy: from n/a through 1.4.1. -- Jan 22, 2025
CVE-2025-23802 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Steven Soehl WP-Revive Adserver allows Stored XSS.This issue affects WP-Revive Adserver: from n/a through 2.2.1. -- Jan 16, 2025
CVE-2025-23801 Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Guy Style Admin allows Stored XSS.This issue affects Style Admin: from n/a through 1.4.3. -- Jan 16, 2025
CVE-2025-23800 Cross-Site Request Forgery (CSRF) vulnerability in David Hamilton OrangeBox allows Cross Site Request Forgery.This issue affects OrangeBox: from n/a through 3.0.0. -- Jan 16, 2025
CVE-2025-23798 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1. -- Jan 22, 2025
CVE-2025-23797 Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through 1.1. -- Jan 16, 2025
CVE-2025-23796 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Tushar Patel Easy Portfolio allows Stored XSS.This issue affects Easy Portfolio: from n/a through 1.3. -- Jan 16, 2025
CVE-2025-23795 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Gold Plugins Easy FAQs allows Stored XSS.This issue affects Easy FAQs: from n/a through 3.2.1. -- Jan 16, 2025
CVE-2025-23794 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in rccoder wp_amaps allows Stored XSS.This issue affects wp_amaps: from n/a through 1.7. -- Jan 16, 2025
CVE-2025-23793 Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1. -- Jan 16, 2025
CVE-2025-23791 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through 1.0. -- Jan 16, 2025
CVE-2025-23785 Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through 1.4. -- Jan 16, 2025
CVE-2025-23784 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows SQL Injection. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1. -- Jan 22, 2025
CVE-2025-23783 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in carrotbits Greek Namedays Widget From Eortologio.Net allows Stored XSS.This issue affects Greek Namedays Widget From Eortologio.Net: from n/a through 20191113. -- Jan 16, 2025
CVE-2025-23781 Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WM Options Import Export allows Retrieve Embedded Sensitive Data. This issue affects WM Options Import Export: from n/a through 1.0.1. -- Jan 22, 2025
CVE-2025-23780 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through 1.0.2. -- Jan 16, 2025
CVE-2025-23779 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in web-mv.de ResAds allows SQL Injection.This issue affects ResAds: from n/a through 2.0.5. -- Jan 16, 2025
CVE-2025-23778 Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through 1.3.2. -- Jan 16, 2025
CVE-2025-23777 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Willows Consulting Ltd. GDPR Personal Data Reports allows Stored XSS.This issue affects GDPR Personal Data Reports: from n/a through 1.0.5. -- Jan 16, 2025
CVE-2025-23776 Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2. -- Jan 16, 2025
CVE-2025-23775 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WWP GMAPS for WPBakery Page Builder Free allows Stored XSS.This issue affects GMAPS for WPBakery Page Builder Free: from n/a through 1.2. -- Jan 16, 2025
CVE-2025-23774 Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WPDB to Sql allows Retrieve Embedded Sensitive Data. This issue affects WPDB to Sql: from n/a through 1.2. -- Jan 22, 2025
CVE-2025-23772 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Eugenio Petullà imaGenius allows Stored XSS.This issue affects imaGenius: from n/a through 1.7. -- Jan 16, 2025
CVE-2025-23770 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Fast Tube allows Reflected XSS. This issue affects Fast Tube: from n/a through 2.3.1. -- Jan 22, 2025
CVE-2025-23769 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Content Mirror allows Reflected XSS. This issue affects Content Mirror: from n/a through 1.2. -- Jan 22, 2025
CVE-2025-23768 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound InFunding allows Reflected XSS. This issue affects InFunding: from n/a through 1.0. -- Jan 22, 2025
CVE-2025-23767 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Revolutionart Marmoset Viewer allows Stored XSS.This issue affects Marmoset Viewer: from n/a through 1.9.3. -- Jan 16, 2025
CVE-2025-23765 Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through 7.33. -- Jan 16, 2025
CVE-2025-23764 Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6. -- Jan 16, 2025
CVE-2025-23761 Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. -- Jan 16, 2025
CVE-2025-23760 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1. -- Jan 16, 2025
CVE-2025-23758 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Pootle button allows Reflected XSS. This issue affects Pootle button: from n/a through 1.2.0. -- Jan 22, 2025
CVE-2025-23749 Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through 1.0. -- Jan 16, 2025
CVE-2025-23746 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound CMC MIGRATE allows Reflected XSS. This issue affects CMC MIGRATE: from n/a through 0.0.3. -- Jan 22, 2025
CVE-2025-23745 Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS.This issue affects Call me Now: from n/a through 1.0.5. -- Jan 16, 2025
CVE-2025-23743 Cross-Site Request Forgery (CSRF) vulnerability in Martijn Scheybeler Social Analytics allows Stored XSS.This issue affects Social Analytics: from n/a through 0.2. -- Jan 16, 2025
CVE-2025-23733 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in sayocode SC Simple Zazzle allows Reflected XSS. This issue affects SC Simple Zazzle: from n/a through 1.1.6. -- Jan 23, 2025
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online