The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2025-31932 | Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, an arbitrary code is executed on the Management Console. The vendor provides the workaround information and recommends to apply it to the deployment environment. | -- | Apr 11, 2025 |
| CVE-2025-31911 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2. | -- | Apr 7, 2025 |
| CVE-2025-31910 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in reputeinfosystems BookingPress allows SQL Injection. This issue affects BookingPress: from n/a through 1.1.28. | -- | Apr 1, 2025 |
| CVE-2025-31909 | Missing Authorization vulnerability in NotFound Apptivo Business Site CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apptivo Business Site CRM: from n/a through 5.3. | -- | Apr 7, 2025 |
| CVE-2025-31908 | Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui JSON Structuring Markup allows Stored XSS. This issue affects JSON Structuring Markup: from n/a through 0.1. | -- | Apr 1, 2025 |
| CVE-2025-31907 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Labib Ahmed Team Builder allows Reflected XSS. This issue affects Team Builder: from n/a through 1.3. | -- | Apr 7, 2025 |
| CVE-2025-31906 | Cross-Site Request Forgery (CSRF) vulnerability in ProfitShare.ro WP Profitshare allows Stored XSS. This issue affects WP Profitshare: from n/a through 1.4.9. | -- | Apr 1, 2025 |
| CVE-2025-31905 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Team Rosters allows Reflected XSS. This issue affects Team Rosters: from n/a through 4.7. | -- | Apr 7, 2025 |
| CVE-2025-31904 | Cross-Site Request Forgery (CSRF) vulnerability in Infoway LLC Ebook Downloader allows Cross Site Request Forgery. This issue affects Ebook Downloader: from n/a through 1.0. | -- | Apr 1, 2025 |
| CVE-2025-31903 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound XV Random Quotes allows Reflected XSS. This issue affects XV Random Quotes: from n/a through 1.37. | -- | Apr 7, 2025 |
| CVE-2025-31902 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Social Share And Social Locker allows Reflected XSS. This issue affects Social Share And Social Locker: from n/a through 1.4.1. | -- | Apr 7, 2025 |
| CVE-2025-31901 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Digihood Digihood HTML Sitemap allows Reflected XSS. This issue affects Digihood HTML Sitemap: from n/a through 3.1.1. | -- | Apr 7, 2025 |
| CVE-2025-31900 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in lexicata Lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through 1.0.16. | -- | Apr 7, 2025 |
| CVE-2025-31899 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in wpshopee Awesome Logos allows Reflected XSS. This issue affects Awesome Logos: from n/a through 1.2. | -- | Apr 7, 2025 |
| CVE-2025-31898 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound MediaView allows Reflected XSS. This issue affects MediaView: from n/a through 1.1.2. | -- | Apr 7, 2025 |
| CVE-2025-31897 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Arrow Plugins Arrow Custom Feed for Twitter allows Stored XSS. This issue affects Arrow Custom Feed for Twitter: from n/a through 1.5.3. | -- | Apr 1, 2025 |
| CVE-2025-31896 | Missing Authorization vulnerability in istmoplugins GetBookingsWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetBookingsWP: from n/a through 1.1.27. | -- | Apr 7, 2025 |
| CVE-2025-31895 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in paulrosen ABC Notation allows Stored XSS. This issue affects ABC Notation: from n/a through 6.1.3. | -- | Apr 1, 2025 |
| CVE-2025-31894 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Infoway LLC Ebook Downloader allows Stored XSS. This issue affects Ebook Downloader: from n/a through 1.0. | -- | Apr 1, 2025 |
| CVE-2025-31893 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in cheesefather Botnet Attack Blocker allows Stored XSS. This issue affects Botnet Attack Blocker: from n/a through 2.0.0. | -- | Apr 7, 2025 |
| CVE-2025-31892 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Themeum WP Crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through 2.1.13. | -- | Apr 1, 2025 |
| CVE-2025-31891 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Gosign Gosign – Posts Slider Block allows Stored XSS. This issue affects Gosign – Posts Slider Block: from n/a through 1.1.0. | -- | Apr 1, 2025 |
| CVE-2025-31890 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Mashi Simple Map No Api allows Stored XSS. This issue affects Simple Map No Api: from n/a through 1.9. | -- | Apr 1, 2025 |
| CVE-2025-31889 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40. | -- | Apr 1, 2025 |
| CVE-2025-31888 | Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator allows Cross Site Request Forgery. This issue affects WP Multistore Locator: from n/a through 2.5.2. | -- | Apr 1, 2025 |
| CVE-2025-31887 | Missing Authorization vulnerability in zookatron MyBookProgress by Stormhill Media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8. | -- | Apr 1, 2025 |
| CVE-2025-31886 | Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social proof testimonials and reviews by Repuso: from n/a through 5.21. | -- | Apr 1, 2025 |
| CVE-2025-31885 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Daniel Floeter Hyperlink Group Block allows DOM-Based XSS. This issue affects Hyperlink Group Block: from n/a through 2.0.1. | -- | Apr 1, 2025 |
| CVE-2025-31884 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP CMS Ninja Norse Rune Oracle Plugin allows Stored XSS. This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.3. | -- | Apr 1, 2025 |
| CVE-2025-31883 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPWebinarSystem WebinarPress allows Stored XSS. This issue affects WebinarPress: from n/a through 1.33.27. | -- | Apr 1, 2025 |
| CVE-2025-31882 | Missing Authorization vulnerability in WPWebinarSystem WebinarPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a through 1.33.27. | -- | Apr 1, 2025 |
| CVE-2025-31881 | Missing Authorization vulnerability in Stylemix Pearl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pearl: from n/a through 1.3.9. | -- | Apr 1, 2025 |
| CVE-2025-31880 | Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl allows Cross Site Request Forgery. This issue affects Pearl: from n/a through 1.3.9. | -- | Apr 1, 2025 |
| CVE-2025-31879 | Missing Authorization vulnerability in Dmitry V. (CEO of UKR Solution) Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4. | -- | Apr 1, 2025 |
| CVE-2025-31878 | Missing Authorization vulnerability in Dmitry V. (CEO of UKR Solution) UPC/EAN/GTIN Code Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2. | -- | Apr 1, 2025 |
| CVE-2025-31877 | Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through 3.1.8.4. | -- | Apr 1, 2025 |
| CVE-2025-31876 | Missing Authorization vulnerability in gunnarpayday Payday allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payday: from n/a through 3.3.12. | -- | Apr 7, 2025 |
| CVE-2025-31875 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pluginic FancyPost allows DOM-Based XSS. This issue affects FancyPost: from n/a through 6.0.1. | -- | Apr 1, 2025 |
| CVE-2025-31874 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ajay WebberZone Snippetz allows Stored XSS. This issue affects WebberZone Snippetz: from n/a through 2.1.0. | -- | Apr 1, 2025 |
| CVE-2025-31873 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in sheetdb SheetDB allows Stored XSS. This issue affects SheetDB: from n/a through 1.3.3. | -- | Apr 1, 2025 |
| CVE-2025-31872 | Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Clone any post type: from n/a through 3.4. | -- | Apr 1, 2025 |
| CVE-2025-31871 | URL Redirection to Untrusted Site (\'Open Redirect\') vulnerability in Galaxy Weblinks WP Clone any post type allows Phishing. This issue affects WP Clone any post type: from n/a through 3.4. | -- | Apr 1, 2025 |
| CVE-2025-31870 | Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. | -- | Apr 1, 2025 |
| CVE-2025-31869 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.9. | -- | Apr 1, 2025 |
| CVE-2025-31868 | Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | -- | Apr 1, 2025 |
| CVE-2025-31867 | Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2. | -- | Apr 1, 2025 |
| CVE-2025-31866 | Missing Authorization vulnerability in Ship Depot ShipDepot for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShipDepot for WooCommerce: from n/a through 1.2.19. | -- | Apr 1, 2025 |
| CVE-2025-31865 | Missing Authorization vulnerability in CartBoss SMS Abandoned Cart Recovery ? CartBoss allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Abandoned Cart Recovery ? CartBoss: from n/a through 4.1.2. | -- | Apr 1, 2025 |
| CVE-2025-31864 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Out the Box Beam me up Scotty – Back to Top Button allows Stored XSS. This issue affects Beam me up Scotty – Back to Top Button: from n/a through 1.0.23. | -- | Apr 1, 2025 |
| CVE-2025-31863 | Missing Authorization vulnerability in inspry Agency Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Agency Toolkit: from n/a through 1.0.23. | -- | Apr 1, 2025 |
