The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2025-22349 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. | -- | Jan 7, 2025 |
CVE-2025-22348 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in RTO GmbH DynamicTags allows Blind SQL Injection.This issue affects DynamicTags: from n/a through 1.4.0. | -- | Jan 7, 2025 |
CVE-2025-22347 | Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK Forms Blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through 3.9. | -- | Jan 7, 2025 |
CVE-2025-22346 | Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a. | -- | Jan 15, 2025 |
CVE-2025-22345 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS.This issue affects TS Comfort DB: from n/a through 2.0.7. | -- | Jan 9, 2025 |
CVE-2025-22344 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Convoy Media Category Library allows Reflected XSS.This issue affects Media Category Library: from n/a through 2.7. | -- | Jan 13, 2025 |
CVE-2025-22343 | Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot wpSOL allows Stored XSS.This issue affects wpSOL: from n/a through 1.2.0. | -- | Jan 7, 2025 |
CVE-2025-22342 | Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Simple Sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through 0.2. | -- | Jan 7, 2025 |
CVE-2025-22341 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Mohammad Hossein Aghanabi Hide Login+ allows Reflected XSS. This issue affects Hide Login+: from n/a through 3.5.1. | -- | Jan 31, 2025 |
CVE-2025-22339 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in aThemeArt Store Commerce allows DOM-Based XSS.This issue affects Store Commerce: from n/a through 1.2.3. | -- | Jan 7, 2025 |
CVE-2025-22338 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in lich_wang WP-tagMaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through 0.2.2. | -- | Jan 7, 2025 |
CVE-2025-22337 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Infosoft Consultant Order Audit Log for WooCommerce allows Reflected XSS.This issue affects Order Audit Log for WooCommerce: from n/a through 2.0. | -- | Jan 13, 2025 |
CVE-2025-22336 | Cross-Site Request Forgery (CSRF) vulnerability in WordPress ?? Wizhi Multi Filters by Wenprise allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through 1.8.6. | -- | Jan 7, 2025 |
CVE-2025-22335 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Md. Rajib Dewan Opencart Product in WP allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through 1.0.1. | -- | Jan 7, 2025 |
CVE-2025-22334 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0.7. | -- | Jan 7, 2025 |
CVE-2025-22333 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.31. | -- | Jan 7, 2025 |
CVE-2025-22332 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Bryan Shanaver @ fiftyandfifty.org CloudFlare(R) Cache Purge allows Reflected XSS. This issue affects CloudFlare(R) Cache Purge: from n/a through 1.2. | -- | Jan 31, 2025 |
CVE-2025-22331 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in P3JX Cf7Save Extension allows Reflected XSS.This issue affects Cf7Save Extension: from n/a through 1. | -- | Jan 9, 2025 |
CVE-2025-22330 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through 1.0.. | -- | Jan 9, 2025 |
CVE-2025-22329 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in AGILELOGIX Free Google Maps allows Stored XSS.This issue affects Free Google Maps: from n/a through 1.0.1. | -- | Jan 15, 2025 |
CVE-2025-22328 | Cross-Site Request Forgery (CSRF) vulnerability in Elevio Elevio allows Stored XSS.This issue affects Elevio: from n/a through 4.4.1. | -- | Jan 7, 2025 |
CVE-2025-22327 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Olaf Lederer EO4WP allows Stored XSS.This issue affects EO4WP: from n/a through 1.0.7. | -- | Jan 7, 2025 |
CVE-2025-22326 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in 5centsCDN 5centsCDN allows Reflected XSS.This issue affects 5centsCDN: from n/a through 24.8.16. | -- | Jan 7, 2025 |
CVE-2025-22325 | Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through 1.3.5.2. | -- | Jan 7, 2025 |
CVE-2025-22324 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Andon Ivanov OZ Canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through 0.5. | -- | Jan 7, 2025 |
CVE-2025-22323 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jewel Theme Image Hover Effects for Elementor allows Stored XSS.This issue affects Image Hover Effects for Elementor: from n/a through 1.0.2.3. | -- | Jan 7, 2025 |
CVE-2025-22322 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in NotFound Private Messages for UserPro allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through 4.10.0. | -- | Jan 21, 2025 |
CVE-2025-22321 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in TheInnovs ElementsCSS Addons for Elementor allows Stored XSS.This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7. | -- | Jan 7, 2025 |
CVE-2025-22320 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ProductDyno ProductDyno allows Reflected XSS.This issue affects ProductDyno: from n/a through 1.0.24. | -- | Jan 7, 2025 |
CVE-2025-22319 | Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47. | -- | Jan 7, 2025 |
CVE-2025-22318 | Missing Authorization vulnerability in Eniture Technology Standard Box Sizes – for WooCommerce. This issue affects Standard Box Sizes – for WooCommerce: from n/a through 1.6.13. | -- | Jan 21, 2025 |
CVE-2025-22317 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in galleryape Photo Gallery – Image Gallery by Ape allows Reflected XSS.This issue affects Photo Gallery – Image Gallery by Ape: from n/a through 2.2.8. | -- | Jan 15, 2025 |
CVE-2025-22316 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | -- | Jan 7, 2025 |
CVE-2025-22315 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.7. | -- | Jan 7, 2025 |
CVE-2025-22314 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Scripts Food Store – Online Food Delivery & Pickup allows Reflected XSS.This issue affects Food Store – Online Food Delivery & Pickup: from n/a through 1.5.1. | -- | Jan 13, 2025 |
CVE-2025-22313 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through 3.0. | -- | Jan 9, 2025 |
CVE-2025-22312 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThimPress Thim Elementor Kit allows DOM-Based XSS.This issue affects Thim Elementor Kit: from n/a through 1.2.8. | -- | Jan 7, 2025 |
CVE-2025-22311 | Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in NotFound Private Messages for UserPro. This issue affects Private Messages for UserPro: from n/a through 4.10.0. | -- | Jan 21, 2025 |
CVE-2025-22310 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in TemplatesNext TemplatesNext ToolKit allows Stored XSS.This issue affects TemplatesNext ToolKit: from n/a through 3.2.9. | -- | Jan 7, 2025 |
CVE-2025-22309 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Steve D SpeakOut! Email Petitions allows DOM-Based XSS.This issue affects SpeakOut! Email Petitions: from n/a through 4.4.2. | -- | Jan 7, 2025 |
CVE-2025-22308 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in inc2734 Smart Custom Fields allows Stored XSS.This issue affects Smart Custom Fields: from n/a through 5.0.0. | -- | Jan 7, 2025 |
CVE-2025-22307 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS.This issue affects Product Table for WooCommerce: from n/a through 3.5.6. | -- | Jan 9, 2025 |
CVE-2025-22306 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7. | -- | Jan 7, 2025 |
CVE-2025-22305 | Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate allows PHP Local File Inclusion.This issue affects Hero Banner Ultimate: from n/a through 1.4.2. | -- | Jan 7, 2025 |
CVE-2025-22304 | Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.3. | -- | Jan 7, 2025 |
CVE-2025-22303 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0. | -- | Jan 7, 2025 |
CVE-2025-22302 | Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through 1.2.5. | -- | Jan 7, 2025 |
CVE-2025-22301 | Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through 3.5.3. | -- | Jan 7, 2025 |
CVE-2025-22300 | Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Cross Site Request Forgery.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 10.0.1.2. | -- | Jan 7, 2025 |
CVE-2025-22299 | Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9. | -- | Jan 7, 2025 |