CVE List - 2025 / December
Showing 3401 - 3500 of 3706 CVEs for December 2025 (Page 35 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-58946 | 2025-12-18 | WordPress Vocal theme <= 1.12 - Local File Inclusion vulnerability |
| CVE-2025-58947 | 2025-12-18 | WordPress Athos theme <= 1.9 - Local File Inclusion vulnerability |
| CVE-2025-58948 | 2025-12-18 | WordPress Aromatica theme <= 1.8 - Local File Inclusion vulnerability |
| CVE-2025-58949 | 2025-12-18 | WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability |
| CVE-2025-58950 | 2025-12-18 | WordPress Lione theme <= 1.16 - Local File Inclusion vulnerability |
| CVE-2025-58951 | 2025-12-18 | WordPress Advance Seat Reservation Management for WooCommerce plugin <= 3.1 - SQL Injection vulnerability |
| CVE-2025-59134 | 2025-12-18 | WordPress Sale! Immigration law, Visa services support, Migration Agent Consulting theme <= 1.5.8 - Privilege Escalation vulnerability |
| CVE-2025-60042 | 2025-12-18 | WordPress Chinchilla theme <= 1.16 - Local File Inclusion vulnerability |
| CVE-2025-60043 | 2025-12-18 | WordPress Wanderic theme <= 1.0.10 - Local File Inclusion vulnerability |
| CVE-2025-60044 | 2025-12-18 | WordPress Fribbo theme <= 1.1.0 - Local File Inclusion vulnerability |
| CVE-2025-60045 | 2025-12-18 | WordPress IDonatePro plugin <= 2.1.11 - Broken Access Control vulnerability |
| CVE-2025-60046 | 2025-12-18 | WordPress HeartStar theme <= 1.0.14 - Local File Inclusion vulnerability |
| CVE-2025-60047 | 2025-12-18 | WordPress IPharm theme <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2025-60048 | 2025-12-18 | WordPress Tripster theme <= 1.0.10 - Local File Inclusion vulnerability |
| CVE-2025-60049 | 2025-12-18 | WordPress Soleil theme <= 1.17 - Local File Inclusion vulnerability |
| CVE-2025-60050 | 2025-12-18 | WordPress Panda theme <= 1.21 - Local File Inclusion vulnerability |
| CVE-2025-60051 | 2025-12-18 | WordPress Rare Radio theme <= 1.0.15.1 - Local File Inclusion vulnerability |
| CVE-2025-60052 | 2025-12-18 | WordPress W&D theme <= 1.0 - Local File Inclusion vulnerability |
| CVE-2025-60053 | 2025-12-18 | WordPress MaxCube theme <= 1.3.1 - Local File Inclusion vulnerability |
| CVE-2025-60054 | 2025-12-18 | WordPress OnLeash theme <= 1.5.2 - Local File Inclusion vulnerability |
| CVE-2025-60055 | 2025-12-18 | WordPress Fabrica theme <= 1.8.1 - Local File Inclusion vulnerability |
| CVE-2025-60056 | 2025-12-18 | WordPress Winger theme <= 1.0.16 - Local File Inclusion vulnerability |
| CVE-2025-60057 | 2025-12-18 | WordPress DJ Rainflow theme <= 1.3.13 - Local File Inclusion vulnerability |
| CVE-2025-60058 | 2025-12-18 | WordPress DetailX theme <= 1.10.0 - Local File Inclusion vulnerability |
| CVE-2025-60059 | 2025-12-18 | WordPress smart SEO theme <= 2.12 - Local File Inclusion vulnerability |
| CVE-2025-60060 | 2025-12-18 | WordPress Pubzinne theme <= 1.0.12 - Local File Inclusion vulnerability |
| CVE-2025-60061 | 2025-12-18 | WordPress Kicker theme <= 2.2.0 - Local File Inclusion vulnerability |
| CVE-2025-60062 | 2025-12-18 | WordPress tPlayer plugin <= 1.2.1.6 - SQL Injection vulnerability |
| CVE-2025-60063 | 2025-12-18 | WordPress Rosalinda theme <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2025-60064 | 2025-12-18 | WordPress Renewal theme <= 1.2.2 - Local File Inclusion vulnerability |
| CVE-2025-60065 | 2025-12-18 | WordPress Pinevale theme <= 1.0.14 - Local File Inclusion vulnerability |
| CVE-2025-60066 | 2025-12-18 | WordPress Katelyn theme <= 1.0.10 - Local File Inclusion vulnerability |
| CVE-2025-60067 | 2025-12-18 | WordPress Giardino theme <= 1.1.10 - Local File Inclusion vulnerability |
| CVE-2025-60068 | 2025-12-18 | WordPress Javo Core plugin <= 3.0.0.266 - Arbitrary Code Execution vulnerability |
| CVE-2025-60069 | 2025-12-18 | WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability |
| CVE-2025-60070 | 2025-12-18 | WordPress Molla - Multipurpose Responsive Shopify theme <= 1.5.13 - Arbitrary Code Execution vulnerability |
| CVE-2025-60071 | 2025-12-18 | WordPress Riode | Multi-Purpose WooCommerce theme <= 1.6.23 - Local File Inclusion vulnerability |
| CVE-2025-60072 | 2025-12-18 | WordPress Anchor smooth scroll plugin <= 1.0.2 - Local File Inclusion vulnerability |
| CVE-2025-60076 | 2025-12-18 | WordPress Ray Enterprise Translation plugin <= 1.7.1 - Local File Inclusion vulnerability |
| CVE-2025-60077 | 2025-12-18 | WordPress YayPricing plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-60078 | 2025-12-18 | WordPress Task Manager plugin <= 3.0.2 - Local File Inclusion vulnerability |
| CVE-2025-60079 | 2025-12-18 | WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability |
| CVE-2025-60080 | 2025-12-18 | WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.3.0 - PHP Object Injection vulnerability |
| CVE-2025-60081 | 2025-12-18 | WordPress PDF for Contact Form 7 plugin <= 6.3.4 - Deserialization of untrusted data vulnerability |
| CVE-2025-60082 | 2025-12-18 | WordPress PDF for WPForms plugin <= 6.3.1 - Deserialization of untrusted data vulnerability |
| CVE-2025-60083 | 2025-12-18 | WordPress PDF Invoice Builder for WooCommerce plugin <= 6.3.2 - Deserialization of untrusted data vulnerability |
| CVE-2025-60084 | 2025-12-18 | WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - PHP Object Injection vulnerability |
| CVE-2025-60086 | 2025-12-18 | WordPress WP Voting Contest plugin <= 5.8 - Broken Access Control vulnerability |
| CVE-2025-60088 | 2025-12-18 | WordPress WebinarIgnition plugin <= 4.06.04 - Broken Access Control vulnerability |
| CVE-2025-60089 | 2025-12-18 | WordPress WP Gravity Forms FreshDesk plugin plugin <= 1.3.5 - Deserialization of untrusted data vulnerability |
| CVE-2025-60090 | 2025-12-18 | WordPress WP Gravity Forms Insightly plugin <= 1.1.6 - Deserialization of untrusted data vulnerability |
| CVE-2025-60091 | 2025-12-18 | WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.9 - Deserialization of untrusted data vulnerability |
| CVE-2025-60174 | 2025-12-18 | WordPress WP Gravity Forms Constant Contact Plugin plugin <= 1.1.2 - Deserialization of untrusted data vulnerability |
| CVE-2025-60178 | 2025-12-18 | WordPress WP Gravity Forms HubSpot plugin <= 1.2.6 - Deserialization of untrusted data vulnerability |
| CVE-2025-60180 | 2025-12-18 | WordPress WP Gravity Forms Salesforce plugin <= 1.5.1 - PHP Object Injection vulnerability |
| CVE-2025-60182 | 2025-12-18 | WordPress Support Board plugin < 3.8.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63039 | 2025-12-18 | WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability |
| CVE-2025-6324 | 2025-12-18 | WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-6326 | 2025-12-18 | WordPress Inset theme <= 1.18.0 - Local File Inclusion Vulnerability |
| CVE-2025-64188 | 2025-12-18 | WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability |
| CVE-2025-64189 | 2025-12-18 | WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64191 | 2025-12-18 | WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64192 | 2025-12-18 | WordPress XStore theme < 9.6 - Broken Access Control vulnerability |
| CVE-2025-64193 | 2025-12-18 | WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability |
| CVE-2025-64203 | 2025-12-18 | WordPress Mailster plugin < 4.1.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64205 | 2025-12-18 | WordPress Jannah theme <= 7.6.0 - Local File Inclusion vulnerability |
| CVE-2025-64206 | 2025-12-18 | WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability |
| CVE-2025-64207 | 2025-12-18 | WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64209 | 2025-12-18 | WordPress Masterstudy theme < 4.8.122 - Broken Access Control vulnerability |
| CVE-2025-64213 | 2025-12-18 | WordPress MasterStudy LMS Pro plugin < 4.7.16 - Sensitive Data Exposure vulnerability |
| CVE-2025-64214 | 2025-12-18 | WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability |
| CVE-2025-64217 | 2025-12-18 | WordPress Photography theme <= 7.7.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64218 | 2025-12-18 | WordPress Passster plugin <= 4.2.19 - Sensitive Data Exposure vulnerability |
| CVE-2025-64221 | 2025-12-18 | WordPress Reservation Plugin plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64222 | 2025-12-18 | WordPress WooCommerce Recover Abandoned Cart plugin <= 24.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-64223 | 2025-12-18 | WordPress PenNews theme < 6.7.3 - Local File Inclusion vulnerability |
| CVE-2025-64225 | 2025-12-18 | WordPress Stockie Extra plugin <= 1.2.11 - Content Injection vulnerability |
| CVE-2025-64227 | 2025-12-18 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - PHP Object Injection vulnerability |
| CVE-2025-64230 | 2025-12-18 | WordPress Filr plugin <= 1.2.10 - Arbitrary File Deletion vulnerability |
| CVE-2025-64231 | 2025-12-18 | WordPress WordPress Contact Form 7 PDF, Google Sheet & Database plugin <= 3.0.0 - Arbitrary File Upload vulnerability |
| CVE-2025-64233 | 2025-12-18 | WordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability |
| CVE-2025-64258 | 2025-12-18 | WordPress Follow My Blog Post plugin <= 2.3.9 - Sensitive Data Exposure vulnerability |
| CVE-2025-64260 | 2025-12-18 | WordPress ANAC XML Bandi di Gara plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64266 | 2025-12-18 | WordPress Booking and Rental Manager plugin <= 2.5.4 - PHP Object Injection vulnerability |
| CVE-2025-64268 | 2025-12-18 | WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability |
| CVE-2025-64270 | 2025-12-18 | WordPress Masteriyo - LMS plugin <= 2.0.3 - Sensitive Data Exposure vulnerability |
| CVE-2025-64272 | 2025-12-18 | WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Sensitive Data Exposure vulnerability |
| CVE-2025-64273 | 2025-12-18 | WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2025-64295 | 2025-12-18 | WordPress All In One SEO Pack plugin <= 4.8.6.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-64371 | 2025-12-18 | WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability |
| CVE-2025-64372 | 2025-12-18 | WordPress Traveler theme < 3.2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64373 | 2025-12-18 | WordPress Traveler theme < 3.2.6 - Local File Inclusion vulnerability |
| CVE-2025-64374 | 2025-12-18 | WordPress Motors theme <= 5.6.81 - Arbitrary File Upload vulnerability |
| CVE-2025-64375 | 2025-12-18 | WordPress WP Social Ninja plugin <= 3.20.1 - Broken Access Control vulnerability |
| CVE-2025-64376 | 2025-12-18 | WordPress ListingPro theme < 2.9.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64377 | 2025-12-18 | WordPress ListingPro theme < 2.9.10 - Local File Inclusion vulnerability |
| CVE-2025-64378 | 2025-12-18 | WordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerability |
| CVE-2025-66054 | 2025-12-18 | WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability |
| CVE-2025-66068 | 2025-12-18 | WordPress InstaWP Connect plugin <= 0.1.1.9 - Broken Access Control vulnerability |
| CVE-2025-66070 | 2025-12-18 | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability |