Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 251174 entries
IDDescriptionPriorityModified date
CVE-2025-23965 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kopatheme Kopa Nictitate Toolkit allows Stored XSS.This issue affects Kopa Nictitate Toolkit: from n/a through 1.0.2. -- Jan 16, 2025
CVE-2025-23963 Missing Authorization vulnerability in Sven Hofmann & Michael Schoenrock Mark Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through 2.2.3. -- Jan 16, 2025
CVE-2025-23962 Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through 2.1.1. -- Jan 16, 2025
CVE-2025-23961 Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through 2.0.8. -- Jan 16, 2025
CVE-2025-23957 Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through 3.0.3. -- Jan 16, 2025
CVE-2025-23955 Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6. -- Jan 16, 2025
CVE-2025-23954 Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11. -- Jan 16, 2025
CVE-2025-23951 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in DivEngine Gallery: Hybrid – Advanced Visual Gallery allows Stored XSS.This issue affects Gallery: Hybrid – Advanced Visual Gallery: from n/a through 1.4.0.2. -- Jan 16, 2025
CVE-2025-23950 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Said Shiripour EZPlayer allows Stored XSS.This issue affects EZPlayer: from n/a through 1.0.10. -- Jan 16, 2025
CVE-2025-23947 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in M.J WP-Player allows Stored XSS.This issue affects WP-Player: from n/a through 2.6.1. -- Jan 16, 2025
CVE-2025-23946 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in le Pixel Solitaire Enhanced YouTube Shortcode allows Stored XSS.This issue affects Enhanced YouTube Shortcode: from n/a through 2.0.1. -- Jan 16, 2025
CVE-2025-23943 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in arul PDF.js Shortcode allows Stored XSS.This issue affects PDF.js Shortcode: from n/a through 1.0. -- Jan 16, 2025
CVE-2025-23941 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Meinturnierplan.de Team MeinTurnierplan.de Widget Viewer allows Stored XSS.This issue affects MeinTurnierplan.de Widget Viewer: from n/a through 1.1. -- Jan 16, 2025
CVE-2025-23940 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Saiem Khan Image Switcher allows Stored XSS.This issue affects Image Switcher: from n/a through 0.1.1. -- Jan 16, 2025
CVE-2025-23939 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Saiem Khan Image Switcher allows Stored XSS.This issue affects Image Switcher: from n/a through 1.1. -- Jan 16, 2025
CVE-2025-23936 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS.This issue affects CC Circle Progress Bar: from n/a through 1.0.0. -- Jan 16, 2025
CVE-2025-23935 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Magic Plugin Factory Magic Google Maps allows Stored XSS.This issue affects Magic Google Maps: from n/a through 1.0.4. -- Jan 16, 2025
CVE-2025-23934 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in PromoSimple Giveaways and Contests by PromoSimple allows Stored XSS.This issue affects Giveaways and Contests by PromoSimple: from n/a through 1.24. -- Jan 16, 2025
CVE-2025-23933 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WpFreeware WpF Ultimate Carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through 1.0.11. -- Jan 16, 2025
CVE-2025-23930 Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2. -- Jan 16, 2025
CVE-2025-23929 Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2. -- Jan 16, 2025
CVE-2025-23928 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Aleksandar Arsovski Google Org Chart allows Stored XSS.This issue affects Google Org Chart: from n/a through 1.0.1. -- Jan 16, 2025
CVE-2025-23927 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Massimo Serpilli Incredible Font Awesome allows Stored XSS.This issue affects Incredible Font Awesome: from n/a through 1.0. -- Jan 16, 2025
CVE-2025-23926 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in TC Ajax WP Query Search Filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through 1.0.7. -- Jan 16, 2025
CVE-2025-23925 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jimmy Peña Feedburner Optin Form allows Stored XSS.This issue affects Feedburner Optin Form: from n/a through 0.2.8. -- Jan 16, 2025
CVE-2025-23924 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jérémy Heleine WP Photo Sphere allows Stored XSS.This issue affects WP Photo Sphere: from n/a through 3.8. -- Jan 16, 2025
CVE-2025-23922 Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0. -- Jan 16, 2025
CVE-2025-23919 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella van Durpe Slides & Presentations allows Code Injection.This issue affects Slides & Presentations: from n/a through 0.0.39. -- Jan 16, 2025
CVE-2025-23917 Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8. -- Jan 16, 2025
CVE-2025-23916 Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through 2.3.0. -- Jan 16, 2025
CVE-2025-23915 Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through 1.1. -- Jan 16, 2025
CVE-2025-23913 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through 1.0. -- Jan 16, 2025
CVE-2025-23912 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through 2.3. -- Jan 16, 2025
CVE-2025-23911 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Solidres Team Solidres – Hotel booking plugin allows SQL Injection.This issue affects Solidres – Hotel booking plugin: from n/a through 0.9.4. -- Jan 16, 2025
CVE-2025-23909 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Common Ninja Compare Ninja allows Stored XSS.This issue affects Compare Ninja: from n/a through 2.1.0. -- Jan 16, 2025
CVE-2025-23908 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Rami Yushuvaev Pastebin allows Stored XSS.This issue affects Pastebin: from n/a through 1.5. -- Jan 16, 2025
CVE-2025-23907 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2. -- Jan 16, 2025
CVE-2025-23902 Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification allows Cross Site Request Forgery.This issue affects Error Notification: from n/a through 0.2.7. -- Jan 16, 2025
CVE-2025-23901 Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal GravatarLocalCache allows Cross Site Request Forgery.This issue affects GravatarLocalCache: from n/a through 1.1.2. -- Jan 16, 2025
CVE-2025-23900 Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through 1.4.1. -- Jan 16, 2025
CVE-2025-23899 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BnB Select Ltd Bookalet allows Stored XSS.This issue affects Bookalet: from n/a through 1.0.3. -- Jan 16, 2025
CVE-2025-23898 Cross-Site Request Forgery (CSRF) vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows Stored XSS.This issue affects Apply with LinkedIn buttons: from n/a through 2.3. -- Jan 16, 2025
CVE-2025-23897 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ivo Brett – ApplyMetrics Apply with LinkedIn buttons allows DOM-Based XSS.This issue affects Apply with LinkedIn buttons: from n/a through 2.3. -- Jan 16, 2025
CVE-2025-23896 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Oncle Tom Mindmeister Shortcode allows DOM-Based XSS.This issue affects Mindmeister Shortcode: from n/a through 1.0. -- Jan 16, 2025
CVE-2025-23895 Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS allows Stored XSS.This issue affects Add RSS: from n/a through 1.5. -- Jan 16, 2025
CVE-2025-23893 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Manuel Costales GMap Shortcode allows DOM-Based XSS.This issue affects GMap Shortcode: from n/a through 2.0. -- Jan 16, 2025
CVE-2025-23892 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. -- Jan 16, 2025
CVE-2025-23891 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Vincent Loy Yet Another Countdown allows DOM-Based XSS.This issue affects Yet Another Countdown: from n/a through 1.0.1. -- Jan 16, 2025
CVE-2025-23890 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Tom Ewer and Tito Pandu Easy Tweet Embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through 1.7. -- Jan 16, 2025
CVE-2025-23887 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Scott Allan Wallick Blog Summary allows Stored XSS.This issue affects Blog Summary: from n/a through 0.1.2 ?. -- Jan 16, 2025
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online