CVE List - 2025 / November
Showing 501 - 600 of 1779 CVEs for November 2025 (Page 6 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-48078 | 2025-11-06 | WordPress Slick Google Map plugin <= 0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48083 | 2025-11-06 | WordPress wpNamedUsers plugin <= 0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48085 | 2025-11-06 | WordPress Simple Stripe plugin <= 0.9.17 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48086 | 2025-11-06 | WordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerability |
| CVE-2025-48089 | 2025-11-06 | WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability |
| CVE-2025-48090 | 2025-11-06 | WordPress Blanka - One Page WordPress Theme Theme < 1.5 - Local File Inclusion Vulnerability |
| CVE-2025-48290 | 2025-11-06 | WordPress Kinsley theme <= 3.4.4 - Local File Inclusion vulnerability |
| CVE-2025-48330 | 2025-11-06 | WordPress Real Time Validation for Gravity Forms <= 1.7.0 - Local File Inclusion Vulnerability |
| CVE-2025-49372 | 2025-11-06 | WordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-49386 | 2025-11-06 | WordPress Preserve Code Formatting Plugin <= 4.0.1 - PHP Object Injection Vulnerability |
| CVE-2025-49390 | 2025-11-06 | WordPress Cookie Notice & Consent plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49393 | 2025-11-06 | WordPress Sign-up Sheets Plugin <= 2.3.2 - PHP Object Injection Vulnerability |
| CVE-2025-49394 | 2025-11-06 | WordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnerability |
| CVE-2025-49398 | 2025-11-06 | WordPress Easy Appointments plugin <= 3.12.14 - Content Injection vulnerability |
| CVE-2025-49900 | 2025-11-06 | WordPress Advanced scrollbar plugin <= 1.1.8 - Privilege Escalation vulnerability |
| CVE-2025-49904 | 2025-11-06 | WordPress Booking and Rental Manager plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49905 | 2025-11-06 | WordPress Range Slider Addon for Gravity Forms plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49909 | 2025-11-06 | WordPress Penci Bookmark & Follow plugin < 2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-52764 | 2025-11-06 | WordPress flexoslider plugin <= 1.0004 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-52773 | 2025-11-06 | WordPress HieCOR Payment Gateway plugin plugin <= 1.5.11 - SQL Injection vulnerability |
| CVE-2025-53214 | 2025-11-06 | WordPress Sertifier Certificate & Badge Maker plugin <= 1.21 - Broken Access Control Vulnerability |
| CVE-2025-53239 | 2025-11-06 | WordPress User Registration Aide Plugin <= 1.5.3.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53242 | 2025-11-06 | WordPress Seil Theme <= 1.7.1 - Deserialization of untrusted data Vulnerability |
| CVE-2025-53245 | 2025-11-06 | WordPress WP Logo Changer Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53246 | 2025-11-06 | WordPress Backup and Move Plugin <= 0.1 - Broken Access Control Vulnerability |
| CVE-2025-53252 | 2025-11-06 | WordPress Zegen Theme <= 1.1.9 - Local File Inclusion Vulnerability |
| CVE-2025-53283 | 2025-11-06 | WordPress Drop Uploader for CF7 - Drag&Drop File Uploader Addon Plugin <= 2.4.1 - Arbitrary File Upload Vulnerability |
| CVE-2025-53286 | 2025-11-06 | WordPress Dropify Plugin <= 4.6.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53316 | 2025-11-06 | WordPress WP GDPR Cookie Consent plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53324 | 2025-11-06 | WordPress Gutenify Plugin <= 1.5.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53349 | 2025-11-06 | WordPress Kalium Theme <= 3.18.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53573 | 2025-11-06 | WordPress Epic Review Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53574 | 2025-11-06 | WordPress Doliconnect Plugin <= 9.3.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53585 | 2025-11-06 | WordPress WeMusic theme <= 1.9.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-53586 | 2025-11-06 | WordPress WeMusic Theme <= 1.9.1 - PHP Object Injection Vulnerability |
| CVE-2025-54711 | 2025-11-06 | WordPress Info Cards Plugin <= 1.0.11 - Broken Access Control Vulnerability |
| CVE-2025-54718 | 2025-11-06 | WordPress Yogi - Health Beauty & Yoga theme <= 2.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-54719 | 2025-11-06 | WordPress Yogi - Health Beauty & Yoga Theme <= 2.9.2 - Deserialization of untrusted data Vulnerability |
| CVE-2025-54721 | 2025-11-06 | WordPress Resca theme <= 3.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-54722 | 2025-11-06 | WordPress WooTour plugin <= 3.6.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-54737 | 2025-11-06 | WordPress Jobmonster theme <= 4.7.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-5803 | 2025-11-06 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.2 - Broken Access Control vulnerability |
| CVE-2025-58207 | 2025-11-06 | WordPress Ai Image Alt Text Generator for WP Plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-58243 | 2025-11-06 | WordPress imEvent Theme <= 3.4.0 - Broken Access Control Vulnerability |
| CVE-2025-58592 | 2025-11-06 | WordPress TranslatePress Plugin <= 2.10.2 - Deserialization of untrusted data Vulnerability |
| CVE-2025-58595 | 2025-11-06 | WordPress All In One Login plugin <= 2.0.8 - Bypass Vulnerability vulnerability |
| CVE-2025-58619 | 2025-11-06 | WordPress Falang multilanguage Plugin <= 1.3.65 - PHP Object Injection Vulnerability |
| CVE-2025-58627 | 2025-11-06 | WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-58629 | 2025-11-06 | WordPress Miraculous theme < 2.0.9 - Arbitrary Content Deletion vulnerability |
| CVE-2025-58636 | 2025-11-06 | WordPress WP Gravity Forms Keap/Infusionsoft Plugin <= 1.2.3 - Deserialization of untrusted data Vulnerability |
| CVE-2025-58638 | 2025-11-06 | WordPress Institutions Directory Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-58964 | 2025-11-06 | WordPress Enzy theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-58972 | 2025-11-06 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.10.4 - Path Traversal vulnerability |
| CVE-2025-58986 | 2025-11-06 | WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability |
| CVE-2025-58994 | 2025-11-06 | WordPress Greenify theme <= 2.2 - Local File Inclusion vulnerability |
| CVE-2025-58995 | 2025-11-06 | WordPress Leblix Theme <= 2.4 - Local File Inclusion Vulnerability |
| CVE-2025-58996 | 2025-11-06 | WordPress Advanced Settings Plugin <= 3.1.1 - Arbitrary File Upload Vulnerability |
| CVE-2025-58998 | 2025-11-06 | WordPress s2Member Plugin <= 250701 - PHP Object Injection Vulnerability |
| CVE-2025-59556 | 2025-11-06 | WordPress GoStore theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-60073 | 2025-11-06 | WordPress Responsive Sidebar plugin <= 1.2.2 - Local File Inclusion vulnerability |
| CVE-2025-60074 | 2025-11-06 | WordPress Lazy Load Optimizer plugin <= 1.4.7 - Local File Inclusion vulnerability |
| CVE-2025-60187 | 2025-11-06 | WordPress Atarim plugin <= 4.2 - Arbitrary File Upload vulnerability |
| CVE-2025-60188 | 2025-11-06 | WordPress Atarim plugin <= 4.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-60189 | 2025-11-06 | WordPress PoloPag – Pix Automático para Woocommerce plugin <= 2.0.9 - Local File Inclusion vulnerability |
| CVE-2025-60190 | 2025-11-06 | WordPress Immocaster WordPress Plugin plugin <= 1.3.6 - Local File Inclusion vulnerability |
| CVE-2025-60191 | 2025-11-06 | WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability |
| CVE-2025-60192 | 2025-11-06 | WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability |
| CVE-2025-60193 | 2025-11-06 | WordPress Premmerce User Roles plugin <= 1.0.13 - Local File Inclusion vulnerability |
| CVE-2025-60194 | 2025-11-06 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Local File Inclusion vulnerability |
| CVE-2025-60195 | 2025-11-06 | WordPress Atarim plugin <= 4.2 - Privilege Escalation vulnerability |
| CVE-2025-60196 | 2025-11-06 | WordPress Clearblue® Ovulation Calculator plugin <= 1.2.4 - Local File Inclusion vulnerability |
| CVE-2025-60197 | 2025-11-06 | WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability |
| CVE-2025-60198 | 2025-11-06 | WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability |
| CVE-2025-60199 | 2025-11-06 | WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability |
| CVE-2025-60200 | 2025-11-06 | WordPress LearnPress Export Import plugin <= 4.0.9 - Local File Inclusion vulnerability |
| CVE-2025-60201 | 2025-11-06 | WordPress WP Customer Area plugin <= 8.2.7 - Local File Inclusion vulnerability |
| CVE-2025-60202 | 2025-11-06 | WordPress Favorites plugin <= 2.3.6 - Local File Inclusion vulnerability |
| CVE-2025-60203 | 2025-11-06 | WordPress Store Exporter plugin <= 2.7.6 - Local File Inclusion vulnerability |
| CVE-2025-60204 | 2025-11-06 | WordPress WooCommerce Store Toolkit plugin <= 2.4.3 - Local File Inclusion vulnerability |
| CVE-2025-60207 | 2025-11-06 | WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability |
| CVE-2025-60235 | 2025-11-06 | WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.0 - Arbitrary File Upload vulnerability |
| CVE-2025-60239 | 2025-11-06 | WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability |
| CVE-2025-60240 | 2025-11-06 | WordPress AnyComment plugin <= 0.3.6 - Local File Inclusion vulnerability |
| CVE-2025-60241 | 2025-11-06 | WordPress Premmerce plugin <= 1.3.19 - Local File Inclusion vulnerability |
| CVE-2025-60242 | 2025-11-06 | WordPress Download Counter plugin <= 1.4 - Arbitrary File Download vulnerability |
| CVE-2025-60243 | 2025-11-06 | WordPress Selling Commander for WooCommerce plugin <= 1.2.46 - Privilege Escalation vulnerability |
| CVE-2025-60244 | 2025-11-06 | WordPress TableOn plugin <= 1.0.4.2 - Content Injection vulnerability |
| CVE-2025-60245 | 2025-11-06 | WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability |
| CVE-2025-60247 | 2025-11-06 | WordPress Bux Woocommerce plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2025-60248 | 2025-11-06 | WordPress WPC Product Options for WooCommerce plugin <= 1.8.6 - Local File Inclusion vulnerability |
| CVE-2025-62010 | 2025-11-06 | WordPress Famita theme <= 1.54 - Local File Inclusion vulnerability |
| CVE-2025-62011 | 2025-11-06 | WordPress TheGem theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62012 | 2025-11-06 | WordPress TheGem (Elementor) theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62014 | 2025-11-06 | WordPress ITok theme <= 1.1.42 - Local File Inclusion vulnerability |
| CVE-2025-62016 | 2025-11-06 | WordPress Kallyas theme <= 4.22.0 - Arbitrary File Upload vulnerability |
| CVE-2025-62017 | 2025-11-06 | WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability |
| CVE-2025-62018 | 2025-11-06 | WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability |
| CVE-2025-62028 | 2025-11-06 | WordPress Salient theme < 17.4.0 - Broken Access Control vulnerability |
| CVE-2025-62030 | 2025-11-06 | WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62031 | 2025-11-06 | WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability |