CVE List - 2025 / January
Showing 501 - 600 of 4277 CVEs for January 2025 (Page 6 of 43)
CVE ID | Date | Title |
---|---|---|
CVE-2024-12419 | 2025-01-07 | Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.0 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting |
CVE-2024-12541 | 2025-01-07 | Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function |
CVE-2024-12416 | 2025-01-07 | Woomotiv <= 3.6.1 - Unauthenticated SQL Injection |
CVE-2024-11777 | 2025-01-07 | Sell Media <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12592 | 2025-01-07 | Sellsy <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12098 | 2025-01-07 | ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting |
CVE-2024-12559 | 2025-01-07 | ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal |
CVE-2024-11899 | 2025-01-07 | Slider Pro Lite <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12538 | 2025-01-07 | Duplicate Post, Page and Any Custom Post <= 3.5.3 - Authenticated (Contributor+) Post Disclosure via Post Duplication |
CVE-2024-11383 | 2025-01-07 | CC Canadian Mortgage Calculator <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12049 | 2025-01-07 | Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters |
CVE-2024-10527 | 2025-01-07 | Spacer <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Limited Information Disclosure |
CVE-2024-12462 | 2025-01-07 | YOGO Booking <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11338 | 2025-01-07 | PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
CVE-2024-11434 | 2025-01-07 | WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting |
CVE-2024-11465 | 2025-01-07 | Custom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection |
CVE-2024-12214 | 2025-01-07 | WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter |
CVE-2024-11690 | 2025-01-07 | Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting |
CVE-2024-12126 | 2025-01-07 | SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter |
CVE-2024-12157 | 2025-01-07 | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Unauthenticated SQL Injection |
CVE-2024-11378 | 2025-01-07 | Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting |
CVE-2024-12288 | 2025-01-07 | Simple add pages or posts <= 2.0.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2024-11375 | 2025-01-07 | WC1C <= 0.23.0 - Reflected Cross-Site Scripting |
CVE-2024-11445 | 2025-01-07 | Image Magnify <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12170 | 2025-01-07 | ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection |
CVE-2024-12290 | 2025-01-07 | Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter |
CVE-2024-12313 | 2025-01-07 | Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection |
CVE-2024-12291 | 2025-01-07 | ViewMedica 9 <= 1.4.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2024-12252 | 2025-01-07 | SEO LAT Auto Post <= 2.2.1 - Missing Authorization to File Overwrite/Upload (Remote Code Execution) |
CVE-2024-11337 | 2025-01-07 | Horoscope And Tarot <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12207 | 2025-01-07 | Toggles Shortcode and Widget <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting |
CVE-2024-12457 | 2025-01-07 | Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12453 | 2025-01-07 | Uptodown APK Download Widget <= 0.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11363 | 2025-01-07 | Same but Different – Related Posts by Taxonomy <= 1.0.16 - Reflected Cross-Site Scripting |
CVE-2024-12153 | 2025-01-07 | GDY Modular Content <= 0.9.91 - Reflected Cross-Site Scripting |
CVE-2024-12158 | 2025-01-07 | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table Truncation |
CVE-2024-11377 | 2025-01-07 | Automate Hub Free by Sperse.IO <= 1.7.0 - Reflected Cross-Site Scripting |
CVE-2024-11290 | 2025-01-07 | Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
CVE-2024-12264 | 2025-01-07 | PayU CommercePro Plugin <= 3.8.3 - Unauthenticated Privilege Escalation |
CVE-2024-12140 | 2025-01-07 | Elementor AI Addons – 70 Widgets, Premium Templates, Ultimate Elements <= 2.2.1 - Authenticated (Contributor+) Private Templates Content Disclosure |
CVE-2024-12332 | 2025-01-07 | School Management System – WPSchoolPress <= 2.2.14 - Authenticated (Student/Parent+) SQL Injection |
CVE-2024-12176 | 2025-01-07 | WordLift – AI powered SEO – Schema <= 3.54.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
CVE-2024-12256 | 2025-01-07 | Simple Video Management System <= 1.0.4 - Reflected Cross-Site Scripting |
CVE-2024-12159 | 2025-01-07 | Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposure |
CVE-2024-11496 | 2025-01-07 | Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update |
CVE-2024-12327 | 2025-01-07 | LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
CVE-2024-9208 | 2025-01-07 | Enable Accessibility <= 1.4.1 - Reflected Cross-Site Scripting |
CVE-2024-12470 | 2025-01-07 | School Management System – SakolaWP <= 1.0.8 - Unauthenticated Privilege Escalation |
CVE-2024-11810 | 2025-01-07 | PayGreen Payment Gateway <= 1.0.26 - Reflected Cross-Site Scripting |
CVE-2024-12322 | 2025-01-07 | ThePerfectWedding.nl Widget <= 2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-12445 | 2025-01-07 | RightMessage WP <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11382 | 2025-01-07 | Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12435 | 2025-01-07 | Compare Products for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting |
CVE-2024-12324 | 2025-01-07 | Unilevel MLM Plan <= 1.1.0 - Reflected Cross-Site Scripting via 'page' |
CVE-2024-11749 | 2025-01-07 | App Embed <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-9697 | 2025-01-07 | Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update |
CVE-2024-11369 | 2025-01-07 | Store credit / Gift cards for woocommerce <= 1.0.49.46 - Reflected Cross-Site Scripting |
CVE-2024-12849 | 2025-01-07 | Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Unauthenticated Arbitrary File Read |
CVE-2024-12439 | 2025-01-07 | Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marketplace' Shortcode |
CVE-2024-12261 | 2025-01-07 | SmartEmailing.cz <= 2.2.0 - Reflected Cross-Site Scripting |
CVE-2024-12464 | 2025-01-07 | Chatroll Live Chat <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12535 | 2025-01-07 | Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure |
CVE-2024-9702 | 2025-01-07 | Social Rocket <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-12438 | 2025-01-07 | WooCommerce Digital Content Delivery (incl. DRM) – FlickRocket <= 4.74 - Reflected Cross-Site Scripting |
CVE-2024-12383 | 2025-01-07 | Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-12633 | 2025-01-07 | JoomSport <= 5.6.17 - Reflected Cross-Site Scripting via page |
CVE-2024-12471 | 2025-01-07 | Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload |
CVE-2024-12073 | 2025-01-07 | Meteor Slides <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12440 | 2025-01-07 | Candifly <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11887 | 2025-01-07 | Geo Content <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10536 | 2025-01-07 | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export |
CVE-2024-11756 | 2025-01-07 | SweepWidget Contests, Giveaways, Photo Contests, Competitions <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12384 | 2025-01-07 | Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page' |
CVE-2024-7696 | 2025-01-07 | Seth Fogie, member of AXIS Camera Station Pro Bug Bounty... |
CVE-2024-10102 | 2025-01-07 | Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 - Contributor+ Stored XSS |
CVE-2024-10562 | 2025-01-07 | Form Maker by 10Web < 1.15.31 - Admin+ Stored XSS |
CVE-2024-11606 | 2025-01-07 | Tabs Shortcode <= 2.0.2 - Contributor+ XSS via Shortcode |
CVE-2024-8855 | 2025-01-07 | WordPress Auction <= 3.7 - Editor+ SQL Injection |
CVE-2024-8857 | 2025-01-07 | WordPress Auction <= 3.7 - Editor+ Stored XSS |
CVE-2024-9638 | 2025-01-07 | Category Posts Widget < 4.9.18 - Admin+ Stored XSS |
CVE-2024-11282 | 2025-01-07 | Passster – Password Protect Pages and Content <= 4.2.10 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
CVE-2024-11725 | 2025-01-07 | SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
CVE-2024-12624 | 2025-01-07 | Sina Extension for Elementor <= 3.5.91 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Sina Image Differ |
CVE-2024-9502 | 2025-01-07 | Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip Module |
CVE-2024-9354 | 2025-01-07 | Estatik Mortgage Calculator <= 2.0.11 - Reflected Cross-Site Scripting |
CVE-2024-12495 | 2025-01-07 | Bootstrap Blocks for WP Editor v2 <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12499 | 2025-01-07 | WP jQuery DataTable <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11764 | 2025-01-07 | Solar Wizard Lite <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12781 | 2025-01-07 | Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content Import |
CVE-2024-12437 | 2025-01-07 | Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-10866 | 2025-01-07 | Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export |
CVE-2024-12202 | 2025-01-07 | Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax |
CVE-2024-12077 | 2025-01-07 | Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' |
CVE-2024-12516 | 2025-01-07 | Coupon Plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11625 | 2025-01-07 | Information Exposure Through an Error Message vulnerability in Progress Software... |
CVE-2024-11626 | 2025-01-07 | Improper Neutralization of Input During CMS Backend (administrative section) Web... |
CVE-2024-11627 | 2025-01-07 | Insufficient Session Expiration vulnerability in Progress Sitefinity allows :... |
CVE-2024-45070 | 2025-01-07 | Liteos_a has an out-of-bounds read vulnerability |
CVE-2024-47398 | 2025-01-07 | Liteos_a has an out-of-bounds write vulnerability |
CVE-2024-54030 | 2025-01-07 | Communication_dsoftbus has an UAF vulnerability |