The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2025-28913 | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through 1.0. | -- | Mar 11, 2025 | n/a |
CVE-2025-28912 | Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page allows Cross Site Request Forgery. This issue affects Custom Dashboard Page: from n/a through 1.0. | -- | Mar 11, 2025 | n/a |
CVE-2025-28910 | Cross-Site Request Forgery (CSRF) vulnerability in Ravinder Khurana WP Hide Admin Bar allows Cross Site Request Forgery. This issue affects WP Hide Admin Bar: from n/a through 2.0. | -- | Mar 11, 2025 | n/a |
CVE-2025-28909 | Cross-Site Request Forgery (CSRF) vulnerability in edwardw WP No-Bot Question allows Cross Site Request Forgery. This issue affects WP No-Bot Question: from n/a through 0.1.7. | -- | Mar 11, 2025 | n/a |
CVE-2025-28908 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pipdig pipDisqus allows Stored XSS. This issue affects pipDisqus: from n/a through 1.6. | -- | Mar 11, 2025 | n/a |
CVE-2025-28907 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rahul Arora WP Last Modified allows Stored XSS. This issue affects WP Last Modified: from n/a through 0.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28906 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thiago S.F. Skitter Slideshow allows Stored XSS. This issue affects Skitter Slideshow: from n/a through 2.5.2. | -- | Mar 11, 2025 | n/a |
CVE-2025-28905 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaser324 Featured Posts Grid allows Stored XSS. This issue affects Featured Posts Grid: from n/a through 1.7. | -- | Mar 11, 2025 | n/a |
CVE-2025-28902 | Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button allows Cross Site Request Forgery. This issue affects Contact Form 7 Select Box Editor Button: from n/a through 0.6. | -- | Mar 11, 2025 | n/a |
CVE-2025-28901 | Cross-Site Request Forgery (CSRF) vulnerability in Naren Members page only for logged in users allows Stored XSS. This issue affects Members page only for logged in users: from n/a through 1.4.2. | -- | Mar 11, 2025 | n/a |
CVE-2025-28900 | Cross-Site Request Forgery (CSRF) vulnerability in webgarb TabGarb Pro allows Stored XSS. This issue affects TabGarb Pro: from n/a through 2.6. | -- | Mar 11, 2025 | n/a |
CVE-2025-28897 | Cross-Site Request Forgery (CSRF) vulnerability in Steveorevo Domain Theme allows Stored XSS. This issue affects Domain Theme: from n/a through 1.3. | -- | Mar 11, 2025 | n/a |
CVE-2025-28896 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. | -- | Mar 11, 2025 | n/a |
CVE-2025-28895 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sumanbiswas013 Custom top bar allows Stored XSS. This issue affects Custom top bar: from n/a through 2.0.2. | -- | Mar 11, 2025 | n/a |
CVE-2025-28894 | Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0. | -- | Mar 11, 2025 | n/a |
CVE-2025-28892 | Cross-Site Request Forgery (CSRF) vulnerability in a2rocklobster FTP Sync allows Stored XSS. This issue affects FTP Sync: from n/a through 1.1.6. | -- | Mar 11, 2025 | n/a |
CVE-2025-28891 | Cross-Site Request Forgery (CSRF) vulnerability in jazzigor price-calc allows Stored XSS. This issue affects price-calc: from n/a through 0.6.3. | -- | Mar 11, 2025 | n/a |
CVE-2025-28887 | Cross-Site Request Forgery (CSRF) vulnerability in Fastmover Plugins Last Updated Column allows Cross Site Request Forgery. This issue affects Plugins Last Updated Column: from n/a through 0.1.3. | -- | Mar 11, 2025 | n/a |
CVE-2025-28886 | Cross-Site Request Forgery (CSRF) vulnerability in xjb REST API TO MiniProgram allows Cross Site Request Forgery. This issue affects REST API TO MiniProgram: from n/a through 4.7.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28884 | Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator allows Cross Site Request Forgery. This issue affects WP Bulk Post Duplicator: from n/a through 1.2. | -- | Mar 11, 2025 | n/a |
CVE-2025-28883 | Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5. | -- | Mar 11, 2025 | n/a |
CVE-2025-28881 | Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28879 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aumsrini Bee Layer Slider allows Stored XSS. This issue affects Bee Layer Slider: from n/a through 1.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28878 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys allows Stored XSS. This issue affects Awesome Surveys: from n/a through 2.0.10. | -- | Mar 11, 2025 | n/a |
CVE-2025-28876 | Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official allows Cross Site Request Forgery. This issue affects Skrill Official: from n/a through 1.0.65. | -- | Mar 11, 2025 | n/a |
CVE-2025-28875 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates allows Stored XSS. This issue affects BP Email Assign Templates: from n/a through 1.6. | -- | Mar 11, 2025 | n/a |
CVE-2025-28874 | Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6. | -- | Mar 11, 2025 | n/a |
CVE-2025-28872 | Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. | -- | Mar 11, 2025 | n/a |
CVE-2025-28871 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded allows Stored XSS. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. | -- | Mar 11, 2025 | n/a |
CVE-2025-28870 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through 1.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28868 | Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe allows Cross Site Request Forgery. This issue affects ZipList Recipe: from n/a through 3.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28867 | Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2. | -- | Mar 11, 2025 | n/a |
CVE-2025-28866 | Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28864 | Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through 1.2.2. | -- | Mar 11, 2025 | n/a |
CVE-2025-28863 | Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4. | -- | Mar 11, 2025 | n/a |
CVE-2025-28862 | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0. | -- | Mar 11, 2025 | n/a |
CVE-2025-28861 | Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through 0.1.0. | -- | Mar 11, 2025 | n/a |
CVE-2025-28860 | Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28859 | Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice allows Cross Site Request Forgery. This issue affects Maintenance Notice: from n/a through 1.0.5. | -- | Mar 11, 2025 | n/a |
CVE-2025-28857 | Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9. | -- | Mar 11, 2025 | n/a |
CVE-2025-28856 | Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1. | -- | Mar 11, 2025 | n/a |
CVE-2025-28015 | A HTML Injection vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary HTML code via the fname, lname, and contact parameters. | -- | Mar 13, 2025 | n/a |
CVE-2025-28011 | A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter. | -- | Mar 13, 2025 | n/a |
CVE-2025-28010 | A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image. | -- | Mar 13, 2025 | n/a |
CVE-2025-27926 | In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. | -- | Mar 10, 2025 | n/a |
CVE-2025-27925 | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input. | -- | Mar 10, 2025 | n/a |
CVE-2025-27924 | Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the Navigate to a URL action. | -- | Mar 10, 2025 | n/a |
CVE-2025-27915 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a `<details>` tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration. | -- | Mar 12, 2025 | n/a |
CVE-2025-27914 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query parameters that triggers XSS when accessed by a victim. | -- | Mar 12, 2025 | n/a |
CVE-2025-27913 | Passbolt API before 5, if the server is misconfigured (with an incorrect installation process and disregarding of Health Check results), can send email messages with a domain name taken from an attacker-controlled HTTP Host header. | -- | Mar 10, 2025 | n/a |