The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2025-25145 | Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0. | -- | Feb 7, 2025 |
CVE-2025-25144 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1. | -- | Feb 7, 2025 |
CVE-2025-25143 | Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0. | -- | Feb 7, 2025 |
CVE-2025-25141 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup allows PHP Local File Inclusion. This issue affects Fami Sales Popup: from n/a through 2.0.0. | -- | Feb 7, 2025 |
CVE-2025-25140 | Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9. | -- | Feb 7, 2025 |
CVE-2025-25139 | Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0. | -- | Feb 7, 2025 |
CVE-2025-25138 | Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0. | -- | Feb 7, 2025 |
CVE-2025-25136 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3. | -- | Feb 7, 2025 |
CVE-2025-25135 | Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3. | -- | Feb 7, 2025 |
CVE-2025-25128 | Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker allows Stored XSS. This issue affects Facilita Form Tracker: from n/a through 1.0. | -- | Feb 7, 2025 |
CVE-2025-25126 | Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1. | -- | Feb 7, 2025 |
CVE-2025-25125 | Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7. | -- | Feb 7, 2025 |
CVE-2025-25123 | Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2. | -- | Feb 7, 2025 |
CVE-2025-25120 | Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. | -- | Feb 7, 2025 |
CVE-2025-25117 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5. | -- | Feb 7, 2025 |
CVE-2025-25116 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sudipto Link to URL / Post allows Blind SQL Injection. This issue affects Link to URL / Post: from n/a through 1.3. | -- | Feb 7, 2025 |
CVE-2025-25111 | Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21. | -- | Feb 7, 2025 |
CVE-2025-25110 | Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8. | -- | Feb 7, 2025 |
CVE-2025-25107 | Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1. | -- | Feb 7, 2025 |
CVE-2025-25106 | Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0. | -- | Feb 7, 2025 |
CVE-2025-25105 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1. | -- | Feb 7, 2025 |
CVE-2025-25104 | Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20. | -- | Feb 7, 2025 |
CVE-2025-25103 | Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5. | -- | Feb 7, 2025 |
CVE-2025-25101 | Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7. | -- | Feb 7, 2025 |
CVE-2025-25098 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions allows Stored XSS. This issue affects Links in Captions: from n/a through 1.2. | -- | Feb 7, 2025 |
CVE-2025-25097 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1. | -- | Feb 7, 2025 |
CVE-2025-25096 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1. | -- | Feb 7, 2025 |
CVE-2025-25095 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1. | -- | Feb 7, 2025 |
CVE-2025-25094 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amitythemes.com Breaking News Ticker allows Stored XSS. This issue affects Breaking News Ticker: from n/a through 2.4.4. | -- | Feb 7, 2025 |
CVE-2025-25093 | Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal. This issue affects Child Themes Helper: from n/a through 2.2.7. | -- | Feb 7, 2025 |
CVE-2025-25091 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackdesign NextGen Cooliris Gallery allows Stored XSS. This issue affects NextGen Cooliris Gallery: from n/a through 0.7. | -- | Feb 7, 2025 |
CVE-2025-25088 | Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5. | -- | Feb 7, 2025 |
CVE-2025-25085 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5. | -- | Feb 7, 2025 |
CVE-2025-25082 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2. | -- | Feb 7, 2025 |
CVE-2025-25081 | Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1. | -- | Feb 7, 2025 |
CVE-2025-25080 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7. | -- | Feb 7, 2025 |
CVE-2025-25079 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box allows Stored XSS. This issue affects Simple Select All Text Box: from n/a through 3.2. | -- | Feb 7, 2025 |
CVE-2025-25078 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed allows Stored XSS. This issue affects Google Earth Embed: from n/a through 1.0. | -- | Feb 7, 2025 |
CVE-2025-25077 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3. | -- | Feb 7, 2025 |
CVE-2025-25076 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2. | -- | Feb 7, 2025 |
CVE-2025-25075 | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0. | -- | Feb 7, 2025 |
CVE-2025-25074 | Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1. | -- | Feb 7, 2025 |
CVE-2025-25073 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1. | -- | Feb 7, 2025 |
CVE-2025-25072 | Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0. | -- | Feb 7, 2025 |
CVE-2025-25071 | Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2. | -- | Feb 7, 2025 |
CVE-2025-25069 | A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if Host: or POST appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue. | -- | Feb 7, 2025 |
CVE-2025-25066 | nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c. | -- | Feb 3, 2025 |
CVE-2025-25065 | SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints. | -- | Feb 4, 2025 |
CVE-2025-25064 | SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in the request, allowing them to inject arbitrary SQL queries that could retrieve email metadata. | -- | Feb 6, 2025 |
CVE-2025-25063 | An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting. | -- | Feb 3, 2025 |