CVE List - 2025 / January
Showing 1101 - 1200 of 4277 CVEs for January 2025 (Page 12 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-22804 | 2025-01-09 | WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22803 | 2025-01-09 | WordPress Advanced Product Information for WooCommerce plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22802 | 2025-01-09 | WordPress Email Templates Customizer YeeMail plugin <= 2.1.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22801 | 2025-01-09 | WordPress Free WooCommerce Theme 99fy Extension plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22595 | 2025-01-09 | WordPress Mailing Group Listserv Plugin <= 2.0.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22594 | 2025-01-09 | WordPress Better User Shortcodes Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22561 | 2025-01-09 | WordPress Title Experiments Free plugin <= 9.0.4 - Broken Access Control vulnerability |
| CVE-2025-22542 | 2025-01-09 | WordPress Virtual Bot Plugin <= 1.0.0 - SQL Injection vulnerability |
| CVE-2025-22540 | 2025-01-09 | WordPress Emailing Subscription Plugin <= 1.4.1 - SQL Injection vulnerability |
| CVE-2025-22539 | 2025-01-09 | WordPress Custom DataBase Tables Plugin <= 2.1.34 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22537 | 2025-01-09 | WordPress Google Maps Travel Route Plugin <= 1.3.1 - SQL Injection vulnerability |
| CVE-2025-22535 | 2025-01-09 | WordPress WPListCal Plugin <= 1.3.5 - SQL Injection vulnerability |
| CVE-2025-22527 | 2025-01-09 | WordPress Mailing Group Listserv Plugin <= 2.0.9 - SQL Injection vulnerability |
| CVE-2025-22521 | 2025-01-09 | WordPress wp Hosting Performance Check Plugin <= 2.18.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22510 | 2025-01-09 | WordPress WC Price History for Omnibus plugin <= 2.1.4 - PHP Object Injection vulnerability |
| CVE-2025-22508 | 2025-01-09 | WordPress FAT Event Lite plugin <= 1.1 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability |
| CVE-2025-22505 | 2025-01-09 | WordPress NC Wishlist for Woocommerce Plugin <= 1.0.1 - SQL Injection vulnerability |
| CVE-2025-22504 | 2025-01-09 | WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability |
| CVE-2025-22361 | 2025-01-09 | WordPress Opentracker Analytics Plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22345 | 2025-01-09 | WordPress TS Comfort DB plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22331 | 2025-01-09 | WordPress Cf7Save Extension plugin <= 1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22330 | 2025-01-09 | WordPress MG Parallax Slider plugin <= 1.0. - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22313 | 2025-01-09 | WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22307 | 2025-01-09 | WordPress Product Table for WooCommerce plugin <= 3.5.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22295 | 2025-01-09 | WordPress Tripetto plugin <= 8.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-21592 | 2025-01-09 | Junos OS: SRX Series: Low privileged user able to access highly sensitive information on file system |
| CVE-2025-21593 | 2025-01-09 | Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update can cause the rpd to crash |
| CVE-2025-21596 | 2025-01-09 | Junos OS: SRX1500,SRX4100,SRX4200: Execution of low-privileged CLI command results in chassisd crash |
| CVE-2025-21599 | 2025-01-09 | Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service |
| CVE-2025-21602 | 2025-01-09 | Junos OS and Junos OS Evolved: Receipt of specially crafted BGP update packet causes RPD crash |
| CVE-2025-21600 | 2025-01-09 | Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash |
| CVE-2025-21628 | 2025-01-09 | Chatwoot has a Blind SQL-injection in Conversation and Contacts filters |
| CVE-2025-22149 | 2025-01-09 | JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh |
| CVE-2024-13237 | 2025-01-09 | File Entity (fieldable files) - Moderately critical - Cross Site Scripting, Access bypass - SA-CONTRIB-2024-001 |
| CVE-2025-21598 | 2025-01-09 | Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packets causes RPD to crash |
| CVE-2024-13238 | 2025-01-09 | Typogrify - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-002 |
| CVE-2024-13239 | 2025-01-09 | Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003 |
| CVE-2024-13240 | 2025-01-09 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004 |
| CVE-2024-13241 | 2025-01-09 | Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005 |
| CVE-2024-13242 | 2025-01-09 | Swift Mailer - Moderately critical - Access bypass - SA-CONTRIB-2024-006 |
| CVE-2024-13243 | 2025-01-09 | Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007 |
| CVE-2024-13244 | 2025-01-09 | Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008 |
| CVE-2024-13245 | 2025-01-09 | CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009 |
| CVE-2025-22151 | 2025-01-09 | Strawberry GraphQL has a type resolution vulnerability |
| CVE-2024-13246 | 2025-01-09 | Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010 |
| CVE-2024-13247 | 2025-01-09 | Coffee - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-011 |
| CVE-2024-13248 | 2025-01-09 | Private content - Moderately critical - Access bypass - SA-CONTRIB-2024-012 |
| CVE-2024-13249 | 2025-01-09 | Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-013 |
| CVE-2024-13250 | 2025-01-09 | Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014 |
| CVE-2024-13251 | 2025-01-09 | Registration role - Critical - Access bypass - SA-CONTRIB-2024-015 |
| CVE-2024-13252 | 2025-01-09 | TacJS - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-016 |
| CVE-2024-13253 | 2025-01-09 | Advanced PWA - Critical - Access bypass - SA-CONTRIB-2024-017 |
| CVE-2024-13254 | 2025-01-09 | REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018 |
| CVE-2024-13255 | 2025-01-09 | RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019 |
| CVE-2024-13256 | 2025-01-09 | Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020 |
| CVE-2024-13257 | 2025-01-09 | Commerce View Receipt - Moderately critical - Access bypass - SA-CONTRIB-2024-021 |
| CVE-2024-13258 | 2025-01-09 | Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022 |
| CVE-2024-13259 | 2025-01-09 | Image Sizes - Moderately critical - Access bypass - SA-CONTRIB-2024-023 |
| CVE-2024-13260 | 2025-01-09 | Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024 |
| CVE-2024-13261 | 2025-01-09 | Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025 |
| CVE-2024-13262 | 2025-01-09 | View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026 |
| CVE-2024-13263 | 2025-01-09 | Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027 |
| CVE-2024-13264 | 2025-01-09 | Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028 |
| CVE-2024-13265 | 2025-01-09 | Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029 |
| CVE-2024-13266 | 2025-01-09 | Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030 |
| CVE-2024-13267 | 2025-01-09 | Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031 |
| CVE-2024-13268 | 2025-01-09 | Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032 |
| CVE-2024-13269 | 2025-01-09 | Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033 |
| CVE-2024-13270 | 2025-01-09 | Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034 |
| CVE-2024-13271 | 2025-01-09 | Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035 |
| CVE-2024-13272 | 2025-01-09 | Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036 |
| CVE-2024-10215 | 2025-01-09 | WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change |
| CVE-2024-13273 | 2025-01-09 | Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037 |
| CVE-2024-13274 | 2025-01-09 | Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038 |
| CVE-2024-13275 | 2025-01-09 | Security Kit - Less critical - Denial of Service - SA-CONTRIB-2024-039 |
| CVE-2024-13276 | 2025-01-09 | File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040 |
| CVE-2024-13277 | 2025-01-09 | Smart IP Ban - Critical - Access bypass - SA-CONTRIB-2024-041 |
| CVE-2024-13278 | 2025-01-09 | Diff - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-042 |
| CVE-2024-13279 | 2025-01-09 | Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043 |
| CVE-2024-13280 | 2025-01-09 | Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044 |
| CVE-2024-13281 | 2025-01-09 | Monster Menus - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-045 |
| CVE-2024-13282 | 2025-01-09 | Block permissions - Moderately critical - Access bypass - SA-CONTRIB-2024-046 |
| CVE-2024-13283 | 2025-01-09 | Facets - Critical - Cross Site Scripting - SA-CONTRIB-2024-047 |
| CVE-2024-13284 | 2025-01-09 | Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048 |
| CVE-2024-13285 | 2025-01-09 | wkhtmltopdf - Highly critical - Unsupported - SA-CONTRIB-2024-049 |
| CVE-2024-13286 | 2025-01-09 | SVG Embed - Moderately critical - Cross site scripting - SA-CONTRIB-2024-050 |
| CVE-2024-13287 | 2025-01-09 | Views SVG Animation - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-051 |
| CVE-2024-13288 | 2025-01-09 | Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052 |
| CVE-2024-13289 | 2025-01-09 | Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055 |
| CVE-2024-13290 | 2025-01-09 | OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056 |
| CVE-2024-13291 | 2025-01-09 | Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057 |
| CVE-2024-13292 | 2025-01-09 | Tooltip - Moderately critical - Cross site scripting - SA-CONTRIB-2024-058 |
| CVE-2024-13293 | 2025-01-09 | POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059 |
| CVE-2024-13294 | 2025-01-09 | POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060 |
| CVE-2024-13295 | 2025-01-09 | Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061 |
| CVE-2024-13296 | 2025-01-09 | Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062 |
| CVE-2024-13297 | 2025-01-09 | Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063 |
| CVE-2024-13298 | 2025-01-09 | Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064 |
| CVE-2024-13299 | 2025-01-09 | Megamenu Framework - Critical - Unsupported - SA-CONTRIB-2024-065 |
| CVE-2024-13300 | 2025-01-09 | Print Anything - Critical - Unsupported - SA-CONTRIB-2024-066 |