CVE List - 2025 / October
Showing 3401 - 3500 of 4280 CVEs for October 2025 (Page 35 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-62896 | 2025-10-27 | WordPress Multilang Contact Form plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62897 | 2025-10-27 | WordPress WP Recipe Maker plugin <= 10.1.1 - Content Injection vulnerability |
| CVE-2025-62898 | 2025-10-27 | WordPress Links shortcode plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62899 | 2025-10-27 | WordPress Photospace Responsive plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62900 | 2025-10-27 | WordPress Popular Posts by Webline plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62902 | 2025-10-27 | WordPress WP Popup Builder plugin <= 1.3.6 - Sensitive Data Exposure vulnerability |
| CVE-2025-62903 | 2025-10-27 | WordPress WPC Smart Messages for WooCommerce plugin <= 4.2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62904 | 2025-10-27 | WordPress WP Geo plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62905 | 2025-10-27 | WordPress Query Posts plugin <= 0.3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62906 | 2025-10-27 | WordPress Referral Link Tracker plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-62907 | 2025-10-27 | WordPress Custom Post Type Attachment plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62908 | 2025-10-27 | WordPress Podlove Web Player plugin <= 5.9.1 - Broken Access Control vulnerability |
| CVE-2025-62909 | 2025-10-27 | WordPress Smart WeTransfer plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-62910 | 2025-10-27 | WordPress Video Gallery by Huzzaz plugin <= 10.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62911 | 2025-10-27 | WordPress Rock Convert plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62912 | 2025-10-27 | WordPress SiteGround Email Marketing plugin <= 1.7.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62913 | 2025-10-27 | WordPress Opal Service plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62915 | 2025-10-27 | WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-62916 | 2025-10-27 | WordPress Flights & Hotels Booking WP Plugin plugin <= 3.1 - Broken Access Control vulnerability |
| CVE-2025-62917 | 2025-10-27 | WordPress Tooltipy plugin <= 5.5.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62918 | 2025-10-27 | WordPress IgnitionDeck plugin <= 2.0.10 - Broken Access Control vulnerability |
| CVE-2025-62919 | 2025-10-27 | WordPress TS Demo Importer plugin <= 0.1.2 - Broken Access Control vulnerability |
| CVE-2025-62920 | 2025-10-27 | WordPress USERCENTRICS CMP plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62921 | 2025-10-27 | WordPress Bulk Auto Image Title Attribute plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62922 | 2025-10-27 | WordPress Export Categories plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-62923 | 2025-10-27 | WordPress Marquee Addons for Elementor plugin <= 3.7.12 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62924 | 2025-10-27 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability |
| CVE-2025-62925 | 2025-10-27 | WordPress Conversios.io plugin <= 7.2.10 - Broken Access Control vulnerability |
| CVE-2025-62927 | 2025-10-27 | WordPress Nelio Content plugin <= 4.0.5 - Broken Access Control vulnerability |
| CVE-2025-62928 | 2025-10-27 | WordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2025-62929 | 2025-10-27 | WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2025-62930 | 2025-10-27 | WordPress MapSVG plugin <= 8.7.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62931 | 2025-10-27 | WordPress MSN Partner Hub plugin <= 2.8.7 - Broken Access Control vulnerability |
| CVE-2025-62932 | 2025-10-27 | WordPress Table Block by RioVizual plugin <= 2.3.2 - Broken Access Control vulnerability |
| CVE-2025-62933 | 2025-10-27 | WordPress Awesome Testimonials plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62934 | 2025-10-27 | WordPress WP Business Hours plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62935 | 2025-10-27 | WordPress Open Close WooCommerce Store plugin <= 4.9.8 - Broken Access Control vulnerability |
| CVE-2025-62936 | 2025-10-27 | WordPress xSmart theme <= 1.2.9.4 - Content Injection vulnerability |
| CVE-2025-62937 | 2025-10-27 | WordPress Post List Featured Image plugin <= 0.5.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62938 | 2025-10-27 | WordPress Reoon Email Verifier plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2025-62939 | 2025-10-27 | WordPress Open Currency Converter plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62940 | 2025-10-27 | WordPress Blox Lite plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62941 | 2025-10-27 | WordPress Events Maker by dFactory plugin <= 1.6.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62942 | 2025-10-27 | WordPress WP Mapbox GL JS Maps plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62943 | 2025-10-27 | WordPress Next Page, Not Next Post plugin <= 0.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62944 | 2025-10-27 | WordPress MSTW CSV EXPORTER plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-62945 | 2025-10-27 | WordPress Did Prestashop Display plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62946 | 2025-10-27 | WordPress Everest Backup plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2025-62947 | 2025-10-27 | WordPress Publitio plugin <= 2.2.3 - Sensitive Data Exposure vulnerability |
| CVE-2025-62948 | 2025-10-27 | WordPress Date counter plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62949 | 2025-10-27 | WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62951 | 2025-10-27 | WordPress Interactive Content – H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62952 | 2025-10-27 | WordPress ChatBot plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2025-62953 | 2025-10-27 | WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability |
| CVE-2025-62954 | 2025-10-27 | WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability |
| CVE-2025-62956 | 2025-10-27 | WordPress Reloadly plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62957 | 2025-10-27 | WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62958 | 2025-10-27 | WordPress Simple Content Templates for Blog Posts & Pages plugin <= 2.2.61 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62959 | 2025-10-27 | WordPress Paid Videochat Turnkey Site plugin <= 7.3.22 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-62962 | 2025-10-27 | WordPress CloudSearch plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62963 | 2025-10-27 | WordPress Estatik plugin <= 4.1.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62964 | 2025-10-27 | WordPress MDTF plugin <= 1.3.4 - Broken Access Control vulnerability |
| CVE-2025-62965 | 2025-10-27 | WordPress Admin Management Xtended plugin <= 2.5.1 - Broken Access Control vulnerability |
| CVE-2025-62966 | 2025-10-27 | WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability |
| CVE-2025-62967 | 2025-10-27 | WordPress DirectoryPress plugin <= 3.6.25 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62968 | 2025-10-27 | WordPress WP Last Modified Info plugin <= 1.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62969 | 2025-10-27 | WordPress NextMove Lite plugin <= 2.21.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62970 | 2025-10-27 | WordPress Link Whisper Free plugin <= 0.8.8 - Broken Access Control vulnerability |
| CVE-2025-62971 | 2025-10-27 | WordPress Attesa Extra plugin <= 1.4.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62972 | 2025-10-27 | WordPress WebinarPress plugin <= 1.33.28 - Broken Access Control vulnerability |
| CVE-2025-62973 | 2025-10-27 | WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2025-62974 | 2025-10-27 | WordPress Headline Analyzer plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62975 | 2025-10-27 | WordPress Raychat plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62976 | 2025-10-27 | WordPress Sendle Shipping plugin <= 6.02 - Broken Access Control vulnerability |
| CVE-2025-62977 | 2025-10-27 | WordPress 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2025-62978 | 2025-10-27 | WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2025-62979 | 2025-10-27 | WordPress ACF to REST API plugin <= 3.3.4 - Sensitive Data Exposure vulnerability |
| CVE-2025-62980 | 2025-10-27 | WordPress Persian Admnin Fonts plugin <= 4.1.03 - Broken Access Control vulnerability |
| CVE-2025-62981 | 2025-10-27 | WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.8 - Open Redirection vulnerability |
| CVE-2025-62982 | 2025-10-27 | WordPress Dynamic User Directory plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62983 | 2025-10-27 | WordPress Posts By Tag plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62984 | 2025-10-27 | WordPress WP AdCenter plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62985 | 2025-10-27 | WordPress Simple Pull Quote plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62986 | 2025-10-27 | WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62987 | 2025-10-27 | WordPress Builderall Builder for WordPress plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62988 | 2025-10-27 | WordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-12203 | 2025-10-27 | givanz Vvveb Code Editor functions.php sanitizeFileName path traversal |
| CVE-2025-12204 | 2025-10-27 | Kamailio Configuration File rvalue.c rve_destroy heap-based overflow |
| CVE-2025-58918 | 2025-10-27 | WordPress Entrada theme <= 5.7.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-48088 | 2025-10-27 | WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-12205 | 2025-10-27 | Kamailio Configuration File cfg.lex sr_push_yy_state use after free |
| CVE-2025-12206 | 2025-10-27 | Kamailio rvalue.c rve_is_constant null pointer dereference |
| CVE-2025-12207 | 2025-10-27 | Kamailio Grammar Rule cfg.y yyerror_at null pointer dereference |
| CVE-2025-12208 | 2025-10-27 | SourceCodester Best House Rental Management System admin_class.php login2 sql injection |
| CVE-2025-12209 | 2025-10-27 | Tenda O3 setDhcpConfig GetValue stack-based overflow |
| CVE-2025-12210 | 2025-10-27 | Tenda O3 AdvSetLanip GetValue stack-based overflow |
| CVE-2025-12211 | 2025-10-27 | Tenda O3 setDmzInfo GetValue stack-based overflow |
| CVE-2025-12212 | 2025-10-27 | Tenda O3 setNetworkService GetValue stack-based overflow |
| CVE-2025-12213 | 2025-10-27 | Tenda O3 setVlanConfig GetValue stack-based overflow |
| CVE-2025-12214 | 2025-10-27 | Tenda O3 sysAutoReboot GetValue stack-based overflow |