The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2025-23965 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kopatheme Kopa Nictitate Toolkit allows Stored XSS.This issue affects Kopa Nictitate Toolkit: from n/a through 1.0.2. | -- | Jan 16, 2025 |
CVE-2025-23963 | Missing Authorization vulnerability in Sven Hofmann & Michael Schoenrock Mark Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through 2.2.3. | -- | Jan 16, 2025 |
CVE-2025-23962 | Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through 2.1.1. | -- | Jan 16, 2025 |
CVE-2025-23961 | Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through 2.0.8. | -- | Jan 16, 2025 |
CVE-2025-23957 | Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through 3.0.3. | -- | Jan 16, 2025 |
CVE-2025-23955 | Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6. | -- | Jan 16, 2025 |
CVE-2025-23954 | Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11. | -- | Jan 16, 2025 |
CVE-2025-23951 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in DivEngine Gallery: Hybrid – Advanced Visual Gallery allows Stored XSS.This issue affects Gallery: Hybrid – Advanced Visual Gallery: from n/a through 1.4.0.2. | -- | Jan 16, 2025 |
CVE-2025-23950 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Said Shiripour EZPlayer allows Stored XSS.This issue affects EZPlayer: from n/a through 1.0.10. | -- | Jan 16, 2025 |
CVE-2025-23947 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in M.J WP-Player allows Stored XSS.This issue affects WP-Player: from n/a through 2.6.1. | -- | Jan 16, 2025 |
CVE-2025-23946 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in le Pixel Solitaire Enhanced YouTube Shortcode allows Stored XSS.This issue affects Enhanced YouTube Shortcode: from n/a through 2.0.1. | -- | Jan 16, 2025 |
CVE-2025-23943 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in arul PDF.js Shortcode allows Stored XSS.This issue affects PDF.js Shortcode: from n/a through 1.0. | -- | Jan 16, 2025 |
CVE-2025-23941 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Meinturnierplan.de Team MeinTurnierplan.de Widget Viewer allows Stored XSS.This issue affects MeinTurnierplan.de Widget Viewer: from n/a through 1.1. | -- | Jan 16, 2025 |
CVE-2025-23940 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Saiem Khan Image Switcher allows Stored XSS.This issue affects Image Switcher: from n/a through 0.1.1. | -- | Jan 16, 2025 |
CVE-2025-23939 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Saiem Khan Image Switcher allows Stored XSS.This issue affects Image Switcher: from n/a through 1.1. | -- | Jan 16, 2025 |
CVE-2025-23936 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS.This issue affects CC Circle Progress Bar: from n/a through 1.0.0. | -- | Jan 16, 2025 |
CVE-2025-23935 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Magic Plugin Factory Magic Google Maps allows Stored XSS.This issue affects Magic Google Maps: from n/a through 1.0.4. | -- | Jan 16, 2025 |
CVE-2025-23934 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in PromoSimple Giveaways and Contests by PromoSimple allows Stored XSS.This issue affects Giveaways and Contests by PromoSimple: from n/a through 1.24. | -- | Jan 16, 2025 |
CVE-2025-23933 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WpFreeware WpF Ultimate Carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through 1.0.11. | -- | Jan 16, 2025 |
CVE-2025-23930 | Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2. | -- | Jan 16, 2025 |
CVE-2025-23929 | Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2. | -- | Jan 16, 2025 |
CVE-2025-23928 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Aleksandar Arsovski Google Org Chart allows Stored XSS.This issue affects Google Org Chart: from n/a through 1.0.1. | -- | Jan 16, 2025 |
CVE-2025-23927 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Massimo Serpilli Incredible Font Awesome allows Stored XSS.This issue affects Incredible Font Awesome: from n/a through 1.0. | -- | Jan 16, 2025 |
CVE-2025-23926 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in TC Ajax WP Query Search Filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through 1.0.7. | -- | Jan 16, 2025 |
CVE-2025-23925 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jimmy Peña Feedburner Optin Form allows Stored XSS.This issue affects Feedburner Optin Form: from n/a through 0.2.8. | -- | Jan 16, 2025 |
CVE-2025-23924 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jérémy Heleine WP Photo Sphere allows Stored XSS.This issue affects WP Photo Sphere: from n/a through 3.8. | -- | Jan 16, 2025 |
CVE-2025-23922 | Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0. | -- | Jan 16, 2025 |
CVE-2025-23919 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella van Durpe Slides & Presentations allows Code Injection.This issue affects Slides & Presentations: from n/a through 0.0.39. | -- | Jan 16, 2025 |
CVE-2025-23917 | Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8. | -- | Jan 16, 2025 |
CVE-2025-23916 | Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through 2.3.0. | -- | Jan 16, 2025 |
CVE-2025-23915 | Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through 1.1. | -- | Jan 16, 2025 |
CVE-2025-23913 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through 1.0. | -- | Jan 16, 2025 |
CVE-2025-23912 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through 2.3. | -- | Jan 16, 2025 |
CVE-2025-23911 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Solidres Team Solidres – Hotel booking plugin allows SQL Injection.This issue affects Solidres – Hotel booking plugin: from n/a through 0.9.4. | -- | Jan 16, 2025 |
CVE-2025-23909 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Common Ninja Compare Ninja allows Stored XSS.This issue affects Compare Ninja: from n/a through 2.1.0. | -- | Jan 16, 2025 |
CVE-2025-23908 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rami Yushuvaev Pastebin allows Stored XSS.This issue affects Pastebin: from n/a through 1.5. | -- | Jan 16, 2025 |
CVE-2025-23907 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2. | -- | Jan 16, 2025 |
CVE-2025-23902 | Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification allows Cross Site Request Forgery.This issue affects Error Notification: from n/a through 0.2.7. | -- | Jan 16, 2025 |
CVE-2025-23901 | Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal GravatarLocalCache allows Cross Site Request Forgery.This issue affects GravatarLocalCache: from n/a through 1.1.2. | -- | Jan 16, 2025 |
CVE-2025-23900 | Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through 1.4.1. | -- | Jan 16, 2025 |
CVE-2025-23899 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BnB Select Ltd Bookalet allows Stored XSS.This issue affects Bookalet: from n/a through 1.0.3. | -- | Jan 16, 2025 |
CVE-2025-23898 | Cross-Site Request Forgery (CSRF) vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows Stored XSS.This issue affects Apply with LinkedIn buttons: from n/a through 2.3. | -- | Jan 16, 2025 |
CVE-2025-23897 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows DOM-Based XSS.This issue affects Apply with LinkedIn buttons: from n/a through 2.3. | -- | Jan 16, 2025 |
CVE-2025-23896 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Oncle Tom Mindmeister Shortcode allows DOM-Based XSS.This issue affects Mindmeister Shortcode: from n/a through 1.0. | -- | Jan 16, 2025 |
CVE-2025-23895 | Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS allows Stored XSS.This issue affects Add RSS: from n/a through 1.5. | -- | Jan 16, 2025 |
CVE-2025-23893 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Manuel Costales GMap Shortcode allows DOM-Based XSS.This issue affects GMap Shortcode: from n/a through 2.0. | -- | Jan 16, 2025 |
CVE-2025-23892 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. | -- | Jan 16, 2025 |
CVE-2025-23891 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Vincent Loy Yet Another Countdown allows DOM-Based XSS.This issue affects Yet Another Countdown: from n/a through 1.0.1. | -- | Jan 16, 2025 |
CVE-2025-23890 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Tom Ewer and Tito Pandu Easy Tweet Embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through 1.7. | -- | Jan 16, 2025 |
CVE-2025-23887 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Scott Allan Wallick Blog Summary allows Stored XSS.This issue affects Blog Summary: from n/a through 0.1.2 ?. | -- | Jan 16, 2025 |