The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2025-22827 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joomag. WP Joomag allows DOM-Based XSS. This issue affects WP Joomag: from n/a through 2.5.2. | -- | Jan 9, 2025 | n/a |
CVE-2025-22826 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce, wp.insider Sell Digital Downloads allows Stored XSS. This issue affects Sell Digital Downloads: from n/a through 2.2.7. | -- | Jan 9, 2025 | n/a |
CVE-2025-22824 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lucia Intelisano Live Flight Radar allows Stored XSS. This issue affects Live Flight Radar: from n/a through 1.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22823 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Twerdy Genesis Style Shortcodes allows DOM-Based XSS. This issue affects Genesis Style Shortcodes: from n/a through 1.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22822 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bishawjit Das wp custom countdown allows Stored XSS. This issue affects wp custom countdown: from n/a through 2.8. | -- | Jan 9, 2025 | n/a |
CVE-2025-22821 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vfthemes StorePress allows DOM-Based XSS. This issue affects StorePress: from n/a through 1.0.12. | -- | Jan 9, 2025 | n/a |
CVE-2025-22820 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Walmsley VR Views allows Stored XSS. This issue affects VR Views: from n/a through 1.5.1. | -- | Jan 9, 2025 | n/a |
CVE-2025-22819 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 4wpbari Qr Code and Barcode Scanner Reader allows Stored XSS. This issue affects Qr Code and Barcode Scanner Reader: from n/a through 1.0.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22818 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S3Bubble S3Player – WooCommerce & Elementor Integration allows Stored XSS. This issue affects S3Player – WooCommerce & Elementor Integration: from n/a through 4.2.1. | -- | Jan 9, 2025 | n/a |
CVE-2025-22817 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra allows Stored XSS. This issue affects BP Profile Shortcodes Extra: from n/a through 2.6.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22815 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LLC Button Block allows Stored XSS. This issue affects Button Block: from n/a through 1.1.6. | -- | Jan 9, 2025 | n/a |
CVE-2025-22814 | Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme allows Cross Site Request Forgery. This issue affects Zephyr Admin Theme: from n/a through 1.4.1. | -- | Jan 9, 2025 | n/a |
CVE-2025-22813 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChatBot for WordPress - WPBot Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n/a through 1.4.2. | -- | Jan 9, 2025 | n/a |
CVE-2025-22812 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs News Ticker Widget for Elementor allows Stored XSS. This issue affects News Ticker Widget for Elementor: from n/a through 1.3.2. | -- | Jan 9, 2025 | n/a |
CVE-2025-22811 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modeltheme MT Addons for Elementor allows Stored XSS. This issue affects MT Addons for Elementor: from n/a through 1.0.6. | -- | Jan 9, 2025 | n/a |
CVE-2025-22810 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CBB Team Content Blocks Builder allows Stored XSS. This issue affects Content Blocks Builder: from n/a through 2.7.6. | -- | Jan 9, 2025 | n/a |
CVE-2025-22809 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master PDF Catalog Woocommerce allows DOM-Based XSS. This issue affects PDF Catalog Woocommerce: from n/a through 2.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22808 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma \| Premium WP allows DOM-Based XSS. This issue affects Surbma \| Premium WP: from n/a through 9.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22807 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Responsive Flickr Slideshow allows Stored XSS. This issue affects Responsive Flickr Slideshow: from n/a through 2.6.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22806 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows DOM-Based XSS. This issue affects Black Widgets For Elementor: from n/a through 1.3.8. | -- | Jan 9, 2025 | n/a |
CVE-2025-22805 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePoints Skill Bar allows Stored XSS. This issue affects Skill Bar: from n/a through 1.2. | -- | Jan 9, 2025 | n/a |
CVE-2025-22804 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.23. | -- | Jan 9, 2025 | n/a |
CVE-2025-22803 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Advanced Product Information for WooCommerce allows Stored XSS. This issue affects Advanced Product Information for WooCommerce: from n/a through 1.1.4. | -- | Jan 9, 2025 | n/a |
CVE-2025-22802 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail allows Stored XSS. This issue affects Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail: from n/a through 2.1.4. | -- | Jan 9, 2025 | n/a |
CVE-2025-22801 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Free WooCommerce Theme 99fy Extension allows Stored XSS. This issue affects Free WooCommerce Theme 99fy Extension: from n/a through 1.2.8. | -- | Jan 9, 2025 | n/a |
CVE-2025-22595 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing Group Listserv allows Reflected XSS. This issue affects Mailing Group Listserv: from n/a through 2.0.9. | -- | Jan 9, 2025 | n/a |
CVE-2025-22594 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder – Sándor Fodor Better User Shortcodes allows Reflected XSS. This issue affects Better User Shortcodes: from n/a through 1.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22561 | Missing Authorization vulnerability in Jason Funk Title Experiments Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Title Experiments Free: from n/a through 9.0.4. | -- | Jan 9, 2025 | n/a |
CVE-2025-22542 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection. This issue affects Virtual Bot: from n/a through 1.0.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22540 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection. This issue affects Emailing Subscription: from n/a through 1.4.1. | -- | Jan 9, 2025 | n/a |
CVE-2025-22539 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ka2 Custom DataBase Tables allows Reflected XSS. This issue affects Custom DataBase Tables: from n/a through 2.1.34. | -- | Jan 9, 2025 | n/a |
CVE-2025-22537 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route allows SQL Injection. This issue affects Google Maps Travel Route: from n/a through 1.3.1. | -- | Jan 9, 2025 | n/a |
CVE-2025-22535 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jonathan Kern WPListCal allows SQL Injection. This issue affects WPListCal: from n/a through 1.3.5. | -- | Jan 9, 2025 | n/a |
CVE-2025-22527 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection. This issue affects Mailing Group Listserv: from n/a through 2.0.9. | -- | Jan 9, 2025 | n/a |
CVE-2025-22521 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check allows Reflected XSS. This issue affects wp Hosting Performance Check: from n/a through 2.18.8. | -- | Jan 9, 2025 | n/a |
CVE-2025-22510 | Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk WC Price History for Omnibus allows Object Injection. This issue affects WC Price History for Omnibus: from n/a through 2.1.4. | -- | Jan 9, 2025 | n/a |
CVE-2025-22508 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion. This issue affects FAT Event Lite: from n/a through 1.1. | -- | Jan 9, 2025 | n/a |
CVE-2025-22505 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabaraj Chapagain NC Wishlist for Woocommerce allows SQL Injection. This issue affects NC Wishlist for Woocommerce: from n/a through 1.0.1. | -- | Jan 9, 2025 | n/a |
CVE-2025-22504 | Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server. This issue affects 4ECPS Web Forms: from n/a through 0.2.18. | -- | Jan 9, 2025 | n/a |
CVE-2025-22449 | Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the allow_open_invite field via making their team public. | -- | Jan 9, 2025 | n/a |
CVE-2025-22445 | Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting. | -- | Jan 9, 2025 | n/a |
CVE-2025-22361 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics allows Reflected XSS. This issue affects Opentracker Analytics: from n/a through 1.3. | -- | Jan 9, 2025 | n/a |
CVE-2025-22345 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS. This issue affects TS Comfort DB: from n/a through 2.0.7. | -- | Jan 9, 2025 | n/a |
CVE-2025-22331 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension allows Reflected XSS. This issue affects Cf7Save Extension: from n/a through 1. | -- | Jan 9, 2025 | n/a |
CVE-2025-22330 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS. This issue affects MG Parallax Slider: from n/a through 1.0.. | -- | Jan 9, 2025 | n/a |
CVE-2025-22313 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: from n/a through 3.0. | -- | Jan 9, 2025 | n/a |
CVE-2025-22307 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS. This issue affects Product Table for WooCommerce: from n/a through 3.5.6. | -- | Jan 9, 2025 | n/a |
CVE-2025-22295 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto allows Stored XSS. This issue affects WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto: from n/a through 8.0.5. | -- | Jan 9, 2025 | n/a |
CVE-2025-22215 | VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with Organization Member access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network. | -- | Jan 8, 2025 | n/a |
CVE-2025-22151 | Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node interface. When querying for a specific type using the global node field (e.g., FruitType:some-id), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., SpecialFruitType). This can lead to information disclosure if the alternate type exposes sensitive fields and potential privilege escalation if the alternate type contains data intended for restricted access. This vulnerability is fixed in 0.257.0. | -- | Jan 9, 2025 | n/a |