The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2025-23818 | Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS.This issue affects More Link Modifier: from n/a through 1.0.3. | -- | Jan 16, 2025 |
CVE-2025-23817 | Cross-Site Request Forgery (CSRF) vulnerability in Mahadir Ahmad MHR-Custom-Anti-Copy allows Stored XSS.This issue affects MHR-Custom-Anti-Copy: from n/a through 2.0. | -- | Jan 16, 2025 |
CVE-2025-23816 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4. | -- | Jan 16, 2025 |
CVE-2025-23815 | Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6. | -- | Jan 16, 2025 |
CVE-2025-23812 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows Reflected XSS. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1. | -- | Jan 22, 2025 |
CVE-2025-23811 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound WP2APP allows Reflected XSS. This issue affects WP2APP: from n/a through 2.6.2. | -- | Jan 22, 2025 |
CVE-2025-23810 | Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider allows Reflected XSS.This issue affects Len Slider: from n/a through 2.0.11. | -- | Jan 16, 2025 |
CVE-2025-23809 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Blue Wrench Video Widget allows Reflected XSS. This issue affects Blue Wrench Video Widget: from n/a through 2.1.0. | -- | Jan 22, 2025 |
CVE-2025-23808 | Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS.This issue affects Custom List Table Example: from n/a through 1.4.1. | -- | Jan 16, 2025 |
CVE-2025-23807 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jimmy Hu Spiderpowa Embed PDF allows Stored XSS.This issue affects Spiderpowa Embed PDF: from n/a through 1.0. | -- | Jan 16, 2025 |
CVE-2025-23806 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFarmer Ultimate Subscribe allows Reflected XSS. This issue affects Ultimate Subscribe: from n/a through 1.3. | -- | Jan 22, 2025 |
CVE-2025-23805 | Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through 1.3.15. | -- | Jan 16, 2025 |
CVE-2025-23804 | Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through 2.6.0. | -- | Jan 16, 2025 |
CVE-2025-23803 | Cross-Site Request Forgery (CSRF) vulnerability in PQINA Snippy allows Reflected XSS. This issue affects Snippy: from n/a through 1.4.1. | -- | Jan 22, 2025 |
CVE-2025-23802 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Steven Soehl WP-Revive Adserver allows Stored XSS.This issue affects WP-Revive Adserver: from n/a through 2.2.1. | -- | Jan 16, 2025 |
CVE-2025-23801 | Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Guy Style Admin allows Stored XSS.This issue affects Style Admin: from n/a through 1.4.3. | -- | Jan 16, 2025 |
CVE-2025-23800 | Cross-Site Request Forgery (CSRF) vulnerability in David Hamilton OrangeBox allows Cross Site Request Forgery.This issue affects OrangeBox: from n/a through 3.0.0. | -- | Jan 16, 2025 |
CVE-2025-23798 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Eliott Robson Mass Messaging in BuddyPress allows Reflected XSS. This issue affects Mass Messaging in BuddyPress: from n/a through 2.2.1. | -- | Jan 22, 2025 |
CVE-2025-23797 | Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through 1.1. | -- | Jan 16, 2025 |
CVE-2025-23796 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Tushar Patel Easy Portfolio allows Stored XSS.This issue affects Easy Portfolio: from n/a through 1.3. | -- | Jan 16, 2025 |
CVE-2025-23795 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Gold Plugins Easy FAQs allows Stored XSS.This issue affects Easy FAQs: from n/a through 3.2.1. | -- | Jan 16, 2025 |
CVE-2025-23794 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in rccoder wp_amaps allows Stored XSS.This issue affects wp_amaps: from n/a through 1.7. | -- | Jan 16, 2025 |
CVE-2025-23793 | Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1. | -- | Jan 16, 2025 |
CVE-2025-23791 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through 1.0. | -- | Jan 16, 2025 |
CVE-2025-23785 | Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through 1.4. | -- | Jan 16, 2025 |
CVE-2025-23784 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in NotFound Contact Form 7 Round Robin Lead Distribution allows SQL Injection. This issue affects Contact Form 7 Round Robin Lead Distribution: from n/a through 1.2.1. | -- | Jan 22, 2025 |
CVE-2025-23783 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in carrotbits Greek Namedays Widget From Eortologio.Net allows Stored XSS.This issue affects Greek Namedays Widget From Eortologio.Net: from n/a through 20191113. | -- | Jan 16, 2025 |
CVE-2025-23781 | Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WM Options Import Export allows Retrieve Embedded Sensitive Data. This issue affects WM Options Import Export: from n/a through 1.0.1. | -- | Jan 22, 2025 |
CVE-2025-23780 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through 1.0.2. | -- | Jan 16, 2025 |
CVE-2025-23779 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in web-mv.de ResAds allows SQL Injection.This issue affects ResAds: from n/a through 2.0.5. | -- | Jan 16, 2025 |
CVE-2025-23778 | Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through 1.3.2. | -- | Jan 16, 2025 |
CVE-2025-23777 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Willows Consulting Ltd. GDPR Personal Data Reports allows Stored XSS.This issue affects GDPR Personal Data Reports: from n/a through 1.0.5. | -- | Jan 16, 2025 |
CVE-2025-23776 | Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2. | -- | Jan 16, 2025 |
CVE-2025-23775 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WWP GMAPS for WPBakery Page Builder Free allows Stored XSS.This issue affects GMAPS for WPBakery Page Builder Free: from n/a through 1.2. | -- | Jan 16, 2025 |
CVE-2025-23774 | Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WPDB to Sql allows Retrieve Embedded Sensitive Data. This issue affects WPDB to Sql: from n/a through 1.2. | -- | Jan 22, 2025 |
CVE-2025-23772 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Eugenio Petullà imaGenius allows Stored XSS.This issue affects imaGenius: from n/a through 1.7. | -- | Jan 16, 2025 |
CVE-2025-23770 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Fast Tube allows Reflected XSS. This issue affects Fast Tube: from n/a through 2.3.1. | -- | Jan 22, 2025 |
CVE-2025-23769 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Content Mirror allows Reflected XSS. This issue affects Content Mirror: from n/a through 1.2. | -- | Jan 22, 2025 |
CVE-2025-23768 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound InFunding allows Reflected XSS. This issue affects InFunding: from n/a through 1.0. | -- | Jan 22, 2025 |
CVE-2025-23767 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Revolutionart Marmoset Viewer allows Stored XSS.This issue affects Marmoset Viewer: from n/a through 1.9.3. | -- | Jan 16, 2025 |
CVE-2025-23765 | Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through 7.33. | -- | Jan 16, 2025 |
CVE-2025-23764 | Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6. | -- | Jan 16, 2025 |
CVE-2025-23761 | Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. | -- | Jan 16, 2025 |
CVE-2025-23760 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1. | -- | Jan 16, 2025 |
CVE-2025-23758 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Pootle button allows Reflected XSS. This issue affects Pootle button: from n/a through 1.2.0. | -- | Jan 22, 2025 |
CVE-2025-23749 | Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through 1.0. | -- | Jan 16, 2025 |
CVE-2025-23746 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound CMC MIGRATE allows Reflected XSS. This issue affects CMC MIGRATE: from n/a through 0.0.3. | -- | Jan 22, 2025 |
CVE-2025-23745 | Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS.This issue affects Call me Now: from n/a through 1.0.5. | -- | Jan 16, 2025 |
CVE-2025-23743 | Cross-Site Request Forgery (CSRF) vulnerability in Martijn Scheybeler Social Analytics allows Stored XSS.This issue affects Social Analytics: from n/a through 0.2. | -- | Jan 16, 2025 |
CVE-2025-23733 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in sayocode SC Simple Zazzle allows Reflected XSS. This issue affects SC Simple Zazzle: from n/a through 1.1.6. | -- | Jan 23, 2025 |