Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 253568 entries
IDDescriptionPriorityModified date
CVE-2025-22349 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. -- Jan 7, 2025
CVE-2025-22348 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in RTO GmbH DynamicTags allows Blind SQL Injection.This issue affects DynamicTags: from n/a through 1.4.0. -- Jan 7, 2025
CVE-2025-22347 Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK Forms Blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through 3.9. -- Jan 7, 2025
CVE-2025-22346 Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a. -- Jan 15, 2025
CVE-2025-22345 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS.This issue affects TS Comfort DB: from n/a through 2.0.7. -- Jan 9, 2025
CVE-2025-22344 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Convoy Media Category Library allows Reflected XSS.This issue affects Media Category Library: from n/a through 2.7. -- Jan 13, 2025
CVE-2025-22343 Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot wpSOL allows Stored XSS.This issue affects wpSOL: from n/a through 1.2.0. -- Jan 7, 2025
CVE-2025-22342 Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Simple Sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through 0.2. -- Jan 7, 2025
CVE-2025-22341 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Mohammad Hossein Aghanabi Hide Login+ allows Reflected XSS. This issue affects Hide Login+: from n/a through 3.5.1. -- Jan 31, 2025
CVE-2025-22339 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in aThemeArt Store Commerce allows DOM-Based XSS.This issue affects Store Commerce: from n/a through 1.2.3. -- Jan 7, 2025
CVE-2025-22338 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in lich_wang WP-tagMaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through 0.2.2. -- Jan 7, 2025
CVE-2025-22337 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Infosoft Consultant Order Audit Log for WooCommerce allows Reflected XSS.This issue affects Order Audit Log for WooCommerce: from n/a through 2.0. -- Jan 13, 2025
CVE-2025-22336 Cross-Site Request Forgery (CSRF) vulnerability in WordPress ?? Wizhi Multi Filters by Wenprise allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through 1.8.6. -- Jan 7, 2025
CVE-2025-22335 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Md. Rajib Dewan Opencart Product in WP allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through 1.0.1. -- Jan 7, 2025
CVE-2025-22334 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0.7. -- Jan 7, 2025
CVE-2025-22333 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.31. -- Jan 7, 2025
CVE-2025-22332 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Bryan Shanaver @ fiftyandfifty.org CloudFlare(R) Cache Purge allows Reflected XSS. This issue affects CloudFlare(R) Cache Purge: from n/a through 1.2. -- Jan 31, 2025
CVE-2025-22331 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in P3JX Cf7Save Extension allows Reflected XSS.This issue affects Cf7Save Extension: from n/a through 1. -- Jan 9, 2025
CVE-2025-22330 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through 1.0.. -- Jan 9, 2025
CVE-2025-22329 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in AGILELOGIX Free Google Maps allows Stored XSS.This issue affects Free Google Maps: from n/a through 1.0.1. -- Jan 15, 2025
CVE-2025-22328 Cross-Site Request Forgery (CSRF) vulnerability in Elevio Elevio allows Stored XSS.This issue affects Elevio: from n/a through 4.4.1. -- Jan 7, 2025
CVE-2025-22327 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Olaf Lederer EO4WP allows Stored XSS.This issue affects EO4WP: from n/a through 1.0.7. -- Jan 7, 2025
CVE-2025-22326 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in 5centsCDN 5centsCDN allows Reflected XSS.This issue affects 5centsCDN: from n/a through 24.8.16. -- Jan 7, 2025
CVE-2025-22325 Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through 1.3.5.2. -- Jan 7, 2025
CVE-2025-22324 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Andon Ivanov OZ Canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through 0.5. -- Jan 7, 2025
CVE-2025-22323 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jewel Theme Image Hover Effects for Elementor allows Stored XSS.This issue affects Image Hover Effects for Elementor: from n/a through 1.0.2.3. -- Jan 7, 2025
CVE-2025-22322 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Private Messages for UserPro allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through 4.10.0. -- Jan 21, 2025
CVE-2025-22321 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in TheInnovs ElementsCSS Addons for Elementor allows Stored XSS.This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7. -- Jan 7, 2025
CVE-2025-22320 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ProductDyno ProductDyno allows Reflected XSS.This issue affects ProductDyno: from n/a through 1.0.24. -- Jan 7, 2025
CVE-2025-22319 Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47. -- Jan 7, 2025
CVE-2025-22318 Missing Authorization vulnerability in Eniture Technology Standard Box Sizes – for WooCommerce. This issue affects Standard Box Sizes – for WooCommerce: from n/a through 1.6.13. -- Jan 21, 2025
CVE-2025-22317 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in galleryape Photo Gallery – Image Gallery by Ape allows Reflected XSS.This issue affects Photo Gallery – Image Gallery by Ape: from n/a through 2.2.8. -- Jan 15, 2025
CVE-2025-22316 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. -- Jan 7, 2025
CVE-2025-22315 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.7. -- Jan 7, 2025
CVE-2025-22314 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Scripts Food Store – Online Food Delivery & Pickup allows Reflected XSS.This issue affects Food Store – Online Food Delivery & Pickup: from n/a through 1.5.1. -- Jan 13, 2025
CVE-2025-22313 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through 3.0. -- Jan 9, 2025
CVE-2025-22312 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThimPress Thim Elementor Kit allows DOM-Based XSS.This issue affects Thim Elementor Kit: from n/a through 1.2.8. -- Jan 7, 2025
CVE-2025-22311 Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in NotFound Private Messages for UserPro. This issue affects Private Messages for UserPro: from n/a through 4.10.0. -- Jan 21, 2025
CVE-2025-22310 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in TemplatesNext TemplatesNext ToolKit allows Stored XSS.This issue affects TemplatesNext ToolKit: from n/a through 3.2.9. -- Jan 7, 2025
CVE-2025-22309 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Steve D SpeakOut! Email Petitions allows DOM-Based XSS.This issue affects SpeakOut! Email Petitions: from n/a through 4.4.2. -- Jan 7, 2025
CVE-2025-22308 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in inc2734 Smart Custom Fields allows Stored XSS.This issue affects Smart Custom Fields: from n/a through 5.0.0. -- Jan 7, 2025
CVE-2025-22307 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS.This issue affects Product Table for WooCommerce: from n/a through 3.5.6. -- Jan 9, 2025
CVE-2025-22306 Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7. -- Jan 7, 2025
CVE-2025-22305 Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate allows PHP Local File Inclusion.This issue affects Hero Banner Ultimate: from n/a through 1.4.2. -- Jan 7, 2025
CVE-2025-22304 Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.3. -- Jan 7, 2025
CVE-2025-22303 Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0. -- Jan 7, 2025
CVE-2025-22302 Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through 1.2.5. -- Jan 7, 2025
CVE-2025-22301 Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through 3.5.3. -- Jan 7, 2025
CVE-2025-22300 Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Cross Site Request Forgery.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 10.0.1.2. -- Jan 7, 2025
CVE-2025-22299 Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9. -- Jan 7, 2025
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online