Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID  Description  Priority  Modified date
CVE-2025-24659 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6. -- Jan 24, 2025
CVE-2025-24658 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Hawes Auction Nudge – Your eBay on Your Site allows Stored XSS. This issue affects Auction Nudge – Your eBay on Your Site: from n/a through 7.2.0. -- Jan 24, 2025
CVE-2025-24657 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2. -- Jan 24, 2025
CVE-2025-24656 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Provisioning allows Reflected XSS. This issue affects Realtyna Provisioning: from n/a through 1.2.2. -- Feb 3, 2025
CVE-2025-24653 Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1. -- Jan 27, 2025
CVE-2025-24652 Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6. -- Jan 24, 2025
CVE-2025-24650 Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3. -- Jan 24, 2025
CVE-2025-24649 Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2. -- Jan 24, 2025
CVE-2025-24648 Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1. -- Feb 4, 2025
CVE-2025-24647 Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery. This issue affects WooCommerce Cloak Affiliate Links: from n/a through 1.0.35. -- Jan 24, 2025
CVE-2025-24646 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim Glazunov XML for Avito allows Reflected XSS. This issue affects XML for Avito: from n/a through 2.5.2. -- Feb 3, 2025
CVE-2025-24644 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.7.1. -- Jan 24, 2025
CVE-2025-24643 Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. -- Feb 3, 2025
CVE-2025-24642 Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2. -- Feb 3, 2025
CVE-2025-24639 Insertion of Sensitive Information Into Sent Data vulnerability in GREYS Korea for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Korea for WooCommerce: from n/a through 1.1.11. -- Feb 3, 2025
CVE-2025-24638 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4. -- Jan 24, 2025
CVE-2025-24636 Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1. -- Jan 24, 2025
CVE-2025-24635 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Reflected XSS. This issue affects Paytm Payment Donation: from n/a through 2.3.1. -- Jan 31, 2025
CVE-2025-24634 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Orbisius Simple Notice allows Stored XSS. This issue affects Orbisius Simple Notice: from n/a through 1.1.3. -- Jan 24, 2025
CVE-2025-24633 Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Build Private Store For Woocommerce: from n/a through 1.0. -- Jan 24, 2025
CVE-2025-24632 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce allows Reflected XSS. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.0. -- Jan 31, 2025
CVE-2025-24631 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PhiloPress BP Email Assign Templates allows Reflected XSS. This issue affects BP Email Assign Templates: from n/a through 1.5. -- Feb 3, 2025
CVE-2025-24630 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS allows Reflected XSS. This issue affects Sikshya LMS: from n/a through 0.0.21. -- Feb 3, 2025
CVE-2025-24629 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGear Import Excel to Gravity Forms allows Reflected XSS. This issue affects Import Excel to Gravity Forms: from n/a through 1.18. -- Feb 3, 2025
CVE-2025-24628 Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78. -- Jan 27, 2025
CVE-2025-24627 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linnea Huxford, LinSoftware Blur Text allows Stored XSS. This issue affects Blur Text: from n/a through 1.0.0. -- Jan 24, 2025
CVE-2025-24626 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19. -- Jan 27, 2025
CVE-2025-24625 Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1. -- Jan 24, 2025
CVE-2025-24623 Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through 9.1.4. -- Jan 24, 2025
CVE-2025-24622 Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross Site Request Forgery. This issue affects Job Board Manager: from n/a through 2.1.59. -- Jan 24, 2025
CVE-2025-24620 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AIO Shortcodes allows Stored XSS. This issue affects AIO Shortcodes: from n/a through 1.3. -- Feb 3, 2025
CVE-2025-24618 Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. -- Jan 24, 2025
CVE-2025-24613 Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5. -- Jan 24, 2025
CVE-2025-24612 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6. -- Jan 27, 2025
CVE-2025-24611 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal. This issue affects WP Ultimate Exporter: from n/a through 2.9. -- Jan 24, 2025
CVE-2025-24610 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Leuenberg, L.net Web Solutions Restrict Anonymous Access allows Stored XSS. This issue affects Restrict Anonymous Access: from n/a through 1.2. -- Jan 24, 2025
CVE-2025-24609 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PortOne PORTONE ???? ?? allows Reflected XSS. This issue affects PORTONE ???? ??: from n/a through 3.2.4. -- Jan 31, 2025
CVE-2025-24608 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Mail Queue allows Reflected XSS. This issue affects GD Mail Queue: from n/a through 4.3. -- Jan 31, 2025
CVE-2025-24606 Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1. -- Jan 27, 2025
CVE-2025-24605 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5. -- Feb 3, 2025
CVE-2025-24604 Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5. -- Jan 24, 2025
CVE-2025-24603 Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10. -- Jan 27, 2025
CVE-2025-24602 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14. -- Feb 4, 2025
CVE-2025-24601 Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6. -- Jan 27, 2025
CVE-2025-24600 Missing Authorization vulnerability in David F. Carr RSVPMarker. This issue affects RSVPMarker: from n/a through 11.4.5. -- Jan 27, 2025
CVE-2025-24599 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6. -- Feb 4, 2025
CVE-2025-24598 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0. -- Feb 4, 2025
CVE-2025-24597 Insertion of Sensitive Information Into Sent Data vulnerability in UkrSolution Barcode Generator for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.2. -- Jan 31, 2025
CVE-2025-24596 Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7. -- Jan 24, 2025
CVE-2025-24595 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins All Embed – Elementor Addons allows Stored XSS. This issue affects All Embed – Elementor Addons: from n/a through 1.1.3. -- Jan 24, 2025
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.