CVE List - 2025 / December
Showing 1401 - 1500 of 3706 CVEs for December 2025 (Page 15 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-67555 | 2025-12-09 | WordPress UseStrict's Calendly Embedder plugin <= 1.1.7.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67556 | 2025-12-09 | WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67557 | 2025-12-09 | WordPress WP eBay Product Feeds plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67558 | 2025-12-09 | WordPress Rencontre plugin <= 3.13.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67559 | 2025-12-09 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability |
| CVE-2025-67560 | 2025-12-09 | WordPress Listdom plugin <= 5.0.1 - Broken Access Control vulnerability |
| CVE-2025-67561 | 2025-12-09 | WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2025-67562 | 2025-12-09 | WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability |
| CVE-2025-67563 | 2025-12-09 | WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability |
| CVE-2025-67564 | 2025-12-09 | WordPress Pixel Manager for WooCommerce plugin <= 1.51.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-67565 | 2025-12-09 | WordPress Rehub theme <= 19.9.9.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-67566 | 2025-12-09 | WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability |
| CVE-2025-67567 | 2025-12-09 | WordPress Sober theme <= 3.5.11 - Sensitive Data Exposure vulnerability |
| CVE-2025-67568 | 2025-12-09 | WordPress Basel theme <= 5.9.1 - Broken Access Control vulnerability |
| CVE-2025-67569 | 2025-12-09 | WordPress AdForest theme <= 6.0.11 - Broken Access Control vulnerability |
| CVE-2025-67570 | 2025-12-09 | WordPress WPForms Google Sheet Connector plugin <= 4.0.0 - Broken Access Control vulnerability |
| CVE-2025-67571 | 2025-12-09 | WordPress WPFunnels plugin <= 3.6.2 - Broken Access Control vulnerability |
| CVE-2025-67572 | 2025-12-09 | WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability |
| CVE-2025-67573 | 2025-12-09 | WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability |
| CVE-2025-67574 | 2025-12-09 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability |
| CVE-2025-67575 | 2025-12-09 | WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2025-67576 | 2025-12-09 | WordPress Simple Link Directory plugin <= 8.8.3 - Broken Access Control vulnerability |
| CVE-2025-67577 | 2025-12-09 | WordPress Easy Form Builder plugin <= 3.8.20 - Broken Access Control vulnerability |
| CVE-2025-67578 | 2025-12-09 | WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability |
| CVE-2025-67579 | 2025-12-09 | WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability |
| CVE-2025-67580 | 2025-12-09 | WordPress Constant Contact + WooCommerce plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2025-67581 | 2025-12-09 | WordPress TrueBooker plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-67582 | 2025-12-09 | WordPress Wbcom Designs plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2025-67583 | 2025-12-09 | WordPress IDonate plugin <= 2.1.15 - Broken Access Control vulnerability |
| CVE-2025-67584 | 2025-12-09 | WordPress GoDAM plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2025-67585 | 2025-12-09 | WordPress Flexmls® IDX plugin <= 3.15.7 - Open Redirection vulnerability |
| CVE-2025-67586 | 2025-12-09 | WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability |
| CVE-2025-67587 | 2025-12-09 | WordPress WP Gravity Forms FreshDesk Plugin plugin <= 1.3.5 - Open Redirection vulnerability |
| CVE-2025-67588 | 2025-12-09 | WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability |
| CVE-2025-67589 | 2025-12-09 | WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 4.9.1 - Broken Access Control vulnerability |
| CVE-2025-67590 | 2025-12-09 | WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67591 | 2025-12-09 | WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67592 | 2025-12-09 | WordPress My Calendar plugin <= 3.6.16 - Broken Access Control vulnerability |
| CVE-2025-67593 | 2025-12-09 | WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67594 | 2025-12-09 | WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-67595 | 2025-12-09 | WordPress Quiz Maker plugin <= 6.7.0.82 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67596 | 2025-12-09 | WordPress Business Directory plugin <= 6.4.19 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67597 | 2025-12-09 | WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability |
| CVE-2025-67598 | 2025-12-09 | WordPress SupportCandy plugin <= 3.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67599 | 2025-12-09 | WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2025-6923 | 2025-12-09 | Reflected XSS in TalentSoft's UNIS |
| CVE-2025-12504 | 2025-12-09 | SQLi in TalentSoft's UNIS |
| CVE-2025-10655 | 2025-12-09 | Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data |
| CVE-2025-49341 | 2025-12-09 | WordPress PDF Creator Lite plugin <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49347 | 2025-12-09 | WordPress WP sIFR plugin <= 0.6.8.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-49348 | 2025-12-09 | WordPress Hype plugin <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2025-49350 | 2025-12-09 | WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2025-49351 | 2025-12-09 | WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-59132 | 2025-12-09 | WordPress Duplicate Content Cure plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62082 | 2025-12-09 | WordPress Generic Elements plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62085 | 2025-12-09 | WordPress BERTHA AI plugin <= 1.13 - Broken Access Control vulnerability |
| CVE-2025-62086 | 2025-12-09 | WordPress Яндекс Доставка (Boxberry) plugin <= 2.32 - Broken Access Control vulnerability |
| CVE-2025-62090 | 2025-12-09 | WordPress Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2025-62093 | 2025-12-09 | WordPress Image&Video FullScreen Background plugin <= 1.6.7 - SQL Injection vulnerability |
| CVE-2025-62100 | 2025-12-09 | WordPress ThemeRain Core plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2025-62102 | 2025-12-09 | WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62103 | 2025-12-09 | WordPress Media Library File Download plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62109 | 2025-12-09 | WordPress Geo Controller plugin <= 8.9.4 - Sensitive Data Exposure vulnerability |
| CVE-2025-62151 | 2025-12-09 | WordPress Virtuaria PagBank / PagSeguro para Woocommerce plugin <= 3.6.3 - Broken Access Control vulnerability |
| CVE-2025-62152 | 2025-12-09 | WordPress ConveyThis plugin <= 268.10 - Broken Access Control vulnerability |
| CVE-2025-62153 | 2025-12-09 | WordPress Quick Interest Slider plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2025-62733 | 2025-12-09 | WordPress Custom Sidebars by ProteusThemes plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62734 | 2025-12-09 | WordPress Media Library Downloader plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62735 | 2025-12-09 | WordPress User Spam Remover plugin <= 1.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-62736 | 2025-12-09 | WordPress Image Cleanup plugin <= 1.9.2 - Broken Access Control vulnerability |
| CVE-2025-62737 | 2025-12-09 | WordPress Image Cleanup plugin <= 1.9.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-62738 | 2025-12-09 | WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2025-62739 | 2025-12-09 | WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62740 | 2025-12-09 | WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability |
| CVE-2025-62762 | 2025-12-09 | WordPress SMTP Mail plugin <= 1.3.47 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62865 | 2025-12-09 | WordPress Post Cloner plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2025-62866 | 2025-12-09 | WordPress Auto Alt Text plugin <= 2.5.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62867 | 2025-12-09 | WordPress Ergonet Cache plugin <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-62869 | 2025-12-09 | WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability |
| CVE-2025-62870 | 2025-12-09 | WordPress Eupago Gateway For Woocommerce plugin <= 4.6.3 - Broken Access Control vulnerability |
| CVE-2025-62871 | 2025-12-09 | WordPress Just TinyMCE Custom Styles plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62872 | 2025-12-09 | WordPress Social Photo Fetcher plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62873 | 2025-12-09 | WordPress WP Flashy Marketing Automation plugin <= 2.0.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-62993 | 2025-12-09 | WordPress Notification for Telegram plugin <= 3.4.7 - Broken Access Control vulnerability |
| CVE-2025-62994 | 2025-12-09 | WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability |
| CVE-2025-62995 | 2025-12-09 | WordPress MultiParcels Shipping For WooCommerce plugin <= 1.30.12 - Broken Access Control vulnerability |
| CVE-2025-62996 | 2025-12-09 | WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability |
| CVE-2025-62997 | 2025-12-09 | WordPress WP EasyCart plugin <= 5.8.11 - Sensitive Data Exposure vulnerability |
| CVE-2025-62999 | 2025-12-09 | WordPress Litho Addons plugin <= 3.4 - Broken Access Control vulnerability |
| CVE-2025-63003 | 2025-12-09 | WordPress North - Required Plugin plugin <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2025-63006 | 2025-12-09 | WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability |
| CVE-2025-63007 | 2025-12-09 | WordPress EventPrime plugin <= 4.2.4.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-63008 | 2025-12-09 | WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability |
| CVE-2025-63009 | 2025-12-09 | WordPress WP Google Analytics Events plugin <= 2.8.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-63010 | 2025-12-09 | WordPress Hercules Core plugin <= 7.4 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-63011 | 2025-12-09 | WordPress WP Hotel Booking plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63012 | 2025-12-09 | WordPress WP Hotel Booking plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63013 | 2025-12-09 | WordPress WP Hotel Booking plugin <= 2.2.7 - Sensitive Data Exposure vulnerability |
| CVE-2025-63015 | 2025-12-09 | WordPress WooCommerce Payment Gateway – Paysera plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2025-63023 | 2025-12-09 | WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.52 - Broken Access Control vulnerability |