CVE List - 2025 / January
Showing 1 - 100 of 4277 CVEs for January 2025 (Page 1 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-11846 | 2025-01-01 | Travel Tour < 5.2.4 - Reflected XSS |
| CVE-2025-0168 | 2025-01-01 | code-projects Job Recruitment _feedback_system.php sql injection |
| CVE-2002-20002 | 2025-01-02 | The Net::EasyTCP package before 0.15 for Perl always uses Perl's... |
| CVE-2024-48197 | 2025-01-02 | Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a... |
| CVE-2024-56829 | 2025-01-02 | Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file... |
| CVE-2025-22214 | 2025-01-02 | Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection. |
| CVE-2024-56830 | 2025-01-02 | The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's... |
| CVE-2024-11184 | 2025-01-02 | WP Enabled SVG <= 0.7 - Author+ Stored XSS via SVG |
| CVE-2024-11357 | 2025-01-02 | Goodlayers Core < 2.0.10 - Contributor+ Stored XSS |
| CVE-2024-12595 | 2025-01-02 | AHAthat Plugin <= 1.6 - Reflected XSS via REQUEST_URI |
| CVE-2024-13092 | 2025-01-02 | code-projects Job Recruitment Job Post search_ajax.php sql injection |
| CVE-2024-13093 | 2025-01-02 | code-projects Job Recruitment Seeker Profile _call_main_search_ajax.php sql injection |
| CVE-2024-12912 | 2025-01-02 | An improper input insertion vulnerability in AiCloud on certain router... |
| CVE-2024-13062 | 2025-01-02 | An unintended entry point vulnerability has been identified in certain... |
| CVE-2024-56069 | 2025-01-02 | WordPress WP SuperBackup plugin <= 2.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56060 | 2025-01-02 | WordPress HTML Forms plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56038 | 2025-01-02 | WordPress SendSMS Plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56037 | 2025-01-02 | WordPress User Referral plugin <= 8.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56036 | 2025-01-02 | WordPress odPhotogallery plugin <= 0.5.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56035 | 2025-01-02 | WordPress Upload Scanner plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56034 | 2025-01-02 | WordPress Services updates for customers plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56019 | 2025-01-02 | WordPress Inline Footnotes Plugin <= 2.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56033 | 2025-01-02 | WordPress FAQs plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56032 | 2025-01-02 | WordPress FV Descriptions plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56030 | 2025-01-02 | WordPress 10CentMail plugin <= 2.1.50 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56029 | 2025-01-02 | WordPress Easy Language Switcher plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56028 | 2025-01-02 | WordPress Lemonade Social Networks Autoposter Pinterest plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56027 | 2025-01-02 | WordPress Leads CRM plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-13102 | 2025-01-02 | D-Link DIR-816 A2 DDNS Service access control |
| CVE-2024-13103 | 2025-01-02 | D-Link DIR-816 A2 Virtual Service form2AddVrtsrv.cgi access control |
| CVE-2024-13104 | 2025-01-02 | D-Link DIR-816 A2 WiFi Settings form2AdvanceSetup.cgi access control |
| CVE-2024-13105 | 2025-01-02 | D-Link DIR-816 A2 DHCPD Setting form2Dhcpd.cgi access control |
| CVE-2024-13106 | 2025-01-02 | D-Link DIR-816 A2 IP QoS form2IPQoSTcAdd access control |
| CVE-2023-44258 | 2025-01-02 | WordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerability |
| CVE-2023-44988 | 2025-01-02 | WordPress WP Custom Admin Interface plugin <= 7.32 - Broken Access Control vulnerability |
| CVE-2023-45002 | 2025-01-02 | WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability |
| CVE-2023-45045 | 2025-01-02 | WordPress WP Custom Widget area plugin <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2023-45061 | 2025-01-02 | WordPress WP Job Openings plugin <= 3.4.1 - Broken Access Control vulnerability |
| CVE-2023-45101 | 2025-01-02 | WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability |
| CVE-2023-45104 | 2025-01-02 | WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-45110 | 2025-01-02 | WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2023-45271 | 2025-01-02 | WordPress ProductX – Gutenberg WooCommerce Blocks plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2023-45275 | 2025-01-02 | WordPress Contact Form builder with drag & drop plugin <= 2.3.28 - Broken Access Control vulnerability |
| CVE-2023-45631 | 2025-01-02 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-45636 | 2025-01-02 | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2023-45649 | 2025-01-02 | WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability |
| CVE-2023-45760 | 2025-01-02 | WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability |
| CVE-2023-45765 | 2025-01-02 | WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability |
| CVE-2023-45766 | 2025-01-02 | WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability |
| CVE-2023-45828 | 2025-01-02 | WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability |
| CVE-2023-46073 | 2025-01-02 | WordPress DX Delete Attached Media plugin <= 2.0.5.1 - Broken Access Control vulnerability + CSRF |
| CVE-2023-46079 | 2025-01-02 | WordPress Ashe Extra plugin <= 1.2.9 - Broken Access Control + CSRF vulnerability |
| CVE-2023-46080 | 2025-01-02 | WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2023-46082 | 2025-01-02 | WordPress Broken Link Checker | Finder plugin <= 2.4.2 - Broken Access Control vulnerability |
| CVE-2023-46083 | 2025-01-02 | WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability |
| CVE-2023-46188 | 2025-01-02 | WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2023-46195 | 2025-01-02 | WordPress Headline Analyzer plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2023-46196 | 2025-01-02 | WordPress Social proof testimonials and reviews by Repuso plugin <= 4.97 - Broken Access Control vulnerability |
| CVE-2023-46203 | 2025-01-02 | WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability |
| CVE-2023-46206 | 2025-01-02 | WordPress MW WP Form plugin <= 4.4.5 - Broken Access Control vulnerability |
| CVE-2024-13107 | 2025-01-02 | D-Link DIR-816 A2 ACL form2LocalAclEditcfg.cgi access control |
| CVE-2023-46309 | 2025-01-02 | WordPress wpDiscuz plugin <= 7.6.10 - Broken Access Control vulnerability |
| CVE-2023-46605 | 2025-01-02 | WordPress Convertful – Your Ultimate On-Site Conversion Tool plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-46606 | 2025-01-02 | WordPress AtomChat plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2023-46607 | 2025-01-02 | WordPress WP iCal Availability plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2023-46608 | 2025-01-02 | WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability |
| CVE-2023-46609 | 2025-01-02 | WordPress FeedFocal plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2023-46610 | 2025-01-02 | WordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerability |
| CVE-2023-46611 | 2025-01-02 | WordPress YOP Poll plugin <= 6.5.28 - Vote Manipulation Due to Broken Captcha Control Vulnerability |
| CVE-2023-46612 | 2025-01-02 | WordPress Mediabay plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2023-46616 | 2025-01-02 | WordPress Draw Attention plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2023-46628 | 2025-01-02 | WordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2023-46631 | 2025-01-02 | WordPress Product Recommendation Quiz for eCommerce plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2023-46632 | 2025-01-02 | WordPress My Shortcodes plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2023-46633 | 2025-01-02 | WordPress WP Glossary plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2023-46635 | 2025-01-02 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability |
| CVE-2023-46637 | 2025-01-02 | WordPress Generate Dummy Posts plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2023-46639 | 2025-01-02 | WordPress kk Star Ratings plugin <= 5.4.5 - Broken Access Control vulnerability |
| CVE-2023-46644 | 2025-01-02 | WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2023-47179 | 2025-01-02 | WordPress WooODT Lite plugin <= 2.4.6 - Arbitrary Site Option Update vulnerability |
| CVE-2023-47180 | 2025-01-02 | WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability |
| CVE-2023-47183 | 2025-01-02 | WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability |
| CVE-2023-47187 | 2025-01-02 | WordPress Animated Rotating Words plugin <= 5.4 - Broken Access Control vulnerability |
| CVE-2023-47188 | 2025-01-02 | WordPress Simple Job Board plugin <= 2.10.5 - Broken Access Control vulnerability |
| CVE-2023-47224 | 2025-01-02 | WordPress WP Travel plugin <= 7.8.0 - Broken Access Control vulnerability |
| CVE-2023-47225 | 2025-01-02 | WordPress Short URL plugin <= 1.6.8 - Broken Access Control vulnerability |
| CVE-2023-47241 | 2025-01-02 | WordPress CoCart – Headless ecommerce plugin <= 3.11.2 - Broken Access Control vulnerability |
| CVE-2023-47515 | 2025-01-02 | WordPress Seers | GDPR & CCPA Cookie Consent & Compliance plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2023-47523 | 2025-01-02 | WordPress Auto Tag Creator plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2023-47557 | 2025-01-02 | WordPress Visitor Traffic Real Time Statistics plugin <= 7.2 - Broken Access Control vulnerability |
| CVE-2023-47647 | 2025-01-02 | WordPress BadgeOS plugin <= 3.7.1.6 - Broken Access Control vulnerability |
| CVE-2023-47648 | 2025-01-02 | WordPress EazyDocs plugin <= 2.3.5 - Broken Access Control vulnerability |
| CVE-2023-47661 | 2025-01-02 | WordPress Dragfy Addons for Elementor plugin <= 1.0.2 - Broken Access Control + CSRF vulnerability |
| CVE-2023-47689 | 2025-01-02 | WordPress Animator plugin <= 3.0.10 - Unauthenticated Plugin Settings Change Vulnerability |
| CVE-2023-47692 | 2025-01-02 | WordPress Flo Forms plugin <= 1.0.41 - Broken Access Control vulnerability |
| CVE-2023-47693 | 2025-01-02 | WordPress Ultimate Addons for Contact Form 7 plugin <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2024-37093 | 2025-01-02 | WordPress MasterStudy LMS WordPress Plugin plugin <= 3.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37102 | 2025-01-02 | WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37103 | 2025-01-02 | WordPress Education Zone theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37104 | 2025-01-02 | WordPress Chic Lite theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |