The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2025-24659 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6. | -- | Jan 24, 2025 |
CVE-2025-24658 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Hawes Auction Nudge – Your eBay on Your Site allows Stored XSS. This issue affects Auction Nudge – Your eBay on Your Site: from n/a through 7.2.0. | -- | Jan 24, 2025 |
CVE-2025-24657 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2. | -- | Jan 24, 2025 |
CVE-2025-24656 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Provisioning allows Reflected XSS. This issue affects Realtyna Provisioning: from n/a through 1.2.2. | -- | Feb 3, 2025 |
CVE-2025-24653 | Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1. | -- | Jan 27, 2025 |
CVE-2025-24652 | Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6. | -- | Jan 24, 2025 |
CVE-2025-24650 | Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3. | -- | Jan 24, 2025 |
CVE-2025-24649 | Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2. | -- | Jan 24, 2025 |
CVE-2025-24648 | Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1. | -- | Feb 4, 2025 |
CVE-2025-24647 | Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery. This issue affects WooCommerce Cloak Affiliate Links: from n/a through 1.0.35. | -- | Jan 24, 2025 |
CVE-2025-24646 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim Glazunov XML for Avito allows Reflected XSS. This issue affects XML for Avito: from n/a through 2.5.2. | -- | Feb 3, 2025 |
CVE-2025-24644 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.7.1. | -- | Jan 24, 2025 |
CVE-2025-24643 | Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. | -- | Feb 3, 2025 |
CVE-2025-24642 | Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2. | -- | Feb 3, 2025 |
CVE-2025-24639 | Insertion of Sensitive Information Into Sent Data vulnerability in GREYS Korea for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Korea for WooCommerce: from n/a through 1.1.11. | -- | Feb 3, 2025 |
CVE-2025-24638 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4. | -- | Jan 24, 2025 |
CVE-2025-24636 | Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1. | -- | Jan 24, 2025 |
CVE-2025-24635 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Reflected XSS. This issue affects Paytm Payment Donation: from n/a through 2.3.1. | -- | Jan 31, 2025 |
CVE-2025-24634 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Orbisius Simple Notice allows Stored XSS. This issue affects Orbisius Simple Notice: from n/a through 1.1.3. | -- | Jan 24, 2025 |
CVE-2025-24633 | Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Build Private Store For Woocommerce: from n/a through 1.0. | -- | Jan 24, 2025 |
CVE-2025-24632 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce allows Reflected XSS. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.0. | -- | Jan 31, 2025 |
CVE-2025-24631 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PhiloPress BP Email Assign Templates allows Reflected XSS. This issue affects BP Email Assign Templates: from n/a through 1.5. | -- | Feb 3, 2025 |
CVE-2025-24630 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS allows Reflected XSS. This issue affects Sikshya LMS: from n/a through 0.0.21. | -- | Feb 3, 2025 |
CVE-2025-24629 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGear Import Excel to Gravity Forms allows Reflected XSS. This issue affects Import Excel to Gravity Forms: from n/a through 1.18. | -- | Feb 3, 2025 |
CVE-2025-24628 | Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78. | -- | Jan 27, 2025 |
CVE-2025-24627 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linnea Huxford, LinSoftware Blur Text allows Stored XSS. This issue affects Blur Text: from n/a through 1.0.0. | -- | Jan 24, 2025 |
CVE-2025-24626 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19. | -- | Jan 27, 2025 |
CVE-2025-24625 | Missing Authorization vulnerability in Marco Almeida \| Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1. | -- | Jan 24, 2025 |
CVE-2025-24623 | Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through 9.1.4. | -- | Jan 24, 2025 |
CVE-2025-24622 | Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross Site Request Forgery. This issue affects Job Board Manager: from n/a through 2.1.59. | -- | Jan 24, 2025 |
CVE-2025-24620 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AIO Shortcodes allows Stored XSS. This issue affects AIO Shortcodes: from n/a through 1.3. | -- | Feb 3, 2025 |
CVE-2025-24618 | Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. | -- | Jan 24, 2025 |
CVE-2025-24613 | Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5. | -- | Jan 24, 2025 |
CVE-2025-24612 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6. | -- | Jan 27, 2025 |
CVE-2025-24611 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal. This issue affects WP Ultimate Exporter: from n/a through 2.9. | -- | Jan 24, 2025 |
CVE-2025-24610 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Leuenberg, L.net Web Solutions Restrict Anonymous Access allows Stored XSS. This issue affects Restrict Anonymous Access: from n/a through 1.2. | -- | Jan 24, 2025 |
CVE-2025-24609 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PortOne PORTONE ???? ?? allows Reflected XSS. This issue affects PORTONE ???? ??: from n/a through 3.2.4. | -- | Jan 31, 2025 |
CVE-2025-24608 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Mail Queue allows Reflected XSS. This issue affects GD Mail Queue: from n/a through 4.3. | -- | Jan 31, 2025 |
CVE-2025-24606 | Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1. | -- | Jan 27, 2025 |
CVE-2025-24605 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5. | -- | Feb 3, 2025 |
CVE-2025-24604 | Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5. | -- | Jan 24, 2025 |
CVE-2025-24603 | Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10. | -- | Jan 27, 2025 |
CVE-2025-24602 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14. | -- | Feb 4, 2025 |
CVE-2025-24601 | Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6. | -- | Jan 27, 2025 |
CVE-2025-24600 | Missing Authorization vulnerability in David F. Carr RSVPMarker. This issue affects RSVPMarker: from n/a through 11.4.5. | -- | Jan 27, 2025 |
CVE-2025-24599 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6. | -- | Feb 4, 2025 |
CVE-2025-24598 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0. | -- | Feb 4, 2025 |
CVE-2025-24597 | Insertion of Sensitive Information Into Sent Data vulnerability in UkrSolution Barcode Generator for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.2. | -- | Jan 31, 2025 |
CVE-2025-24596 | Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7. | -- | Jan 24, 2025 |
CVE-2025-24595 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins All Embed – Elementor Addons allows Stored XSS. This issue affects All Embed – Elementor Addons: from n/a through 1.1.3. | -- | Jan 24, 2025 |