CVE List - 2025 / January
Showing 601 - 700 of 4277 CVEs for January 2025 (Page 7 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12719 | 2025-01-07 | WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal |
| CVE-2024-12152 | 2025-01-07 | MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download |
| CVE-2024-12699 | 2025-01-07 | Service Box <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-22364 | 2025-01-07 | WordPress Ach Invoice App plugin <= 1.0.1 - Local File Inclusion vulnerability |
| CVE-2025-22362 | 2025-01-07 | WordPress WPAchievements Free Plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22359 | 2025-01-07 | WordPress SyncFields plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22358 | 2025-01-07 | WordPress Wp advertising management plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22357 | 2025-01-07 | WordPress Target Notifications plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22355 | 2025-01-07 | WordPress Kikx Simple Post Author Filter plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22353 | 2025-01-07 | WordPress BVD Easy Gallery Manager plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22352 | 2025-01-07 | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes Plugin <= 1.4.8 - SQL Injection vulnerability |
| CVE-2025-22351 | 2025-01-07 | WordPress Contact Form 7 Database – CFDB7 plugin <= 1.0.0 - SQL Injection vulnerability |
| CVE-2025-22349 | 2025-01-07 | WordPress WordPress Auction Plugin plugin <= 3.7 - SQL Injection vulnerability |
| CVE-2025-22348 | 2025-01-07 | WordPress DynamicTags plugin <= 1.4.0 - SQL Injection vulnerability |
| CVE-2025-22347 | 2025-01-07 | WordPress BSK Forms Blacklist plugin <= 3.9 - CSRF to SQL Injection vulnerability |
| CVE-2025-22343 | 2025-01-07 | WordPress wpSOL plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-22342 | 2025-01-07 | WordPress WP Simple Sitemap plugin <= 0.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22339 | 2025-01-07 | WordPress Store Commerce theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22336 | 2025-01-07 | WordPress Wizhi Multi Filters by Wenprise plugin <= 1.8.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22333 | 2025-01-07 | WordPress Piotnet Addons For Elementor plugin <= 2.4.31 - Cross-Site Scripting vulnerability |
| CVE-2025-22328 | 2025-01-07 | WordPress Elevio plugin <= 4.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-22327 | 2025-01-07 | WordPress EO4WP plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22326 | 2025-01-07 | WordPress 5centsCDN – WordPress CDN Plugin plugin <= 24.8.16 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22325 | 2025-01-07 | WordPress Autocompleter plugin <= 1.3.5.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-22324 | 2025-01-07 | WordPress OZ Canonical plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22323 | 2025-01-07 | WordPress Image Hover Effects for Elementor plugin <= 1.0.2.3 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22321 | 2025-01-07 | WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22320 | 2025-01-07 | WordPress ProductDyno plugin <= 1.0.24 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22316 | 2025-01-07 | WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22315 | 2025-01-07 | WordPress Typing Text plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22312 | 2025-01-07 | WordPress Thim Elementor Kit plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22310 | 2025-01-07 | WordPress TemplatesNext ToolKit plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22309 | 2025-01-07 | WordPress SpeakOut! Email Petitions plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22308 | 2025-01-07 | WordPress Smart Custom FIelds plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22305 | 2025-01-07 | WordPress Hero Banner Ultimate plugin <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2025-22304 | 2025-01-07 | WordPress WP Visitor Statistics plugin <= 7.3 - Broken Access Control vulnerability |
| CVE-2025-22303 | 2025-01-07 | WordPress WP Mailster plugin <= 1.8.17.0 - Sensitive Data Exposure vulnerability |
| CVE-2025-22302 | 2025-01-07 | WordPress WP Wand plugin <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2025-22301 | 2025-01-07 | WordPress MyBookTable Bookstore by Stormhill Media plugin <= 3.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22300 | 2025-01-07 | WordPress PixelYourSite plugin <= 10.0.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22299 | 2025-01-07 | WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2025-22298 | 2025-01-07 | WordPress Hive Support plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-22297 | 2025-01-07 | WordPress AI WP Writer plugin <= 3.8.4.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-22293 | 2025-01-07 | WordPress Gutentor plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22261 | 2025-01-07 | WordPress WP FullCalendar plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56300 | 2025-01-07 | WordPress Post/Page Copying Tool plugin <= 2.0.0 - Sensitive Data Exposure vulnerability |
| CVE-2024-56299 | 2025-01-07 | WordPress Notify Odoo plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-56298 | 2025-01-07 | WordPress Pretty Simple Popup Builder Plugin <= 1.0.9 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56297 | 2025-01-07 | WordPress Highlight plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56296 | 2025-01-07 | WordPress Mang Board WP plugin <= 1.8.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56294 | 2025-01-07 | WordPress Nexter Blocks plugin <= 4.0.7 - Broken Access Control vulnerability |
| CVE-2024-56293 | 2025-01-07 | WordPress AFI – The Easiest Integration Plugin <= 1.95.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56292 | 2025-01-07 | WordPress Email Reminders Plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56291 | 2025-01-07 | WordPress PlainInventory – Inventory Management Plugin Plugin <= 3.1.6 - PHP Object Injection vulnerability |
| CVE-2024-56290 | 2025-01-07 | WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.2 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-56289 | 2025-01-07 | WordPress Groundhogg plugin <= 3.7.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56288 | 2025-01-07 | WordPress WP Docs plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56287 | 2025-01-07 | WordPress WP jQuery DataTable Plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56286 | 2025-01-07 | WordPress Classic Addons – WPBakery Page Builder plugin <= 3.0 - Local File Inclusion vulnerability |
| CVE-2024-56285 | 2025-01-07 | WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.1 - Cross-Site Scripting vulnerability |
| CVE-2024-56284 | 2025-01-07 | WordPress SSL Wireless SMS Notification Plugin <= 3.5.0 - SQL Injection vulnerability |
| CVE-2024-56283 | 2025-01-07 | WordPress Locatoraid Store Locator Plugin <= 3.9.50 - PHP Object Injection vulnerability |
| CVE-2024-56282 | 2025-01-07 | WordPress WPMozo Addons Lite for Elementor plugin <= 1.1.0 - Local File Inclusion vulnerability |
| CVE-2024-56281 | 2025-01-07 | WordPress 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin <= 5.2.0 - Local File Inclusion vulnerability |
| CVE-2024-56280 | 2025-01-07 | WordPress WPGuppy plugin <= 1.1.0 - Privilege Escalation vulnerability |
| CVE-2024-56279 | 2025-01-07 | WordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-56278 | 2025-01-07 | WordPress WP Ultimate Exporter plugin <= 2.9.1 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-56276 | 2025-01-07 | WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability |
| CVE-2024-56275 | 2025-01-07 | WordPress Envato Elements plugin <= 2.0.14 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-56274 | 2025-01-07 | WordPress Astra Widgets plugin <= 1.2.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56273 | 2025-01-07 | WordPress WPvivid Backup plugin <= 0.9.106 - Broken Access Control vulnerability |
| CVE-2024-56271 | 2025-01-07 | WordPress WP SecureSubmit plugin <= 1.5.16 - Broken Access Control vulnerability |
| CVE-2024-51715 | 2025-01-07 | WordPress ClickWhale plugin <=2.4.1 - SQL Injection vulnerability |
| CVE-2024-51700 | 2025-01-07 | WordPress NAVER Analytics plugin <= 0.9 - CSRF to Stored XSS vulnerability |
| CVE-2024-51651 | 2025-01-07 | WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2024-49649 | 2025-01-07 | WordPress Build App Online plugin <= 1.0.23 - Local File Inclusion vulnerability |
| CVE-2024-49644 | 2025-01-07 | WordPress Accessibility by AllAccessible plugin <= 1.3.4 - Privilege Escalation vulnerability |
| CVE-2024-49633 | 2025-01-07 | WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-49294 | 2025-01-07 | WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49249 | 2025-01-07 | WordPress SMSA Shipping plugin <= 2.3 - Arbitrary File Deletion vulnerability |
| CVE-2024-49222 | 2025-01-07 | WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability |
| CVE-2024-43243 | 2025-01-07 | WordPress JobBoard Job listing plugin <= 1.2.6 - Arbitrary File Upload vulnerability |
| CVE-2024-12316 | 2025-01-07 | Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export |
| CVE-2024-12033 | 2025-01-07 | Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync |
| CVE-2024-12532 | 2025-01-07 | BWD Elementor Addons <= 4.3.18 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates |
| CVE-2024-12711 | 2025-01-07 | RSVP and Event Management <= 2.7.13 - Missing Authorization |
| CVE-2024-11826 | 2025-01-07 | Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12425 | 2025-01-07 | Path traversal leading to arbitrary .ttf file write |
| CVE-2024-52367 | 2025-01-07 | IBM Concert Software information disclosure |
| CVE-2024-52891 | 2025-01-07 | IBM Concert Software log manipulation |
| CVE-2024-52366 | 2025-01-07 | IBM Concert Software information disclosure |
| CVE-2024-52893 | 2025-01-07 | IBM Concert Software information disclosure |
| CVE-2024-45640 | 2025-01-07 | IBM Security QRadar EDR information disclosure |
| CVE-2024-12426 | 2025-01-07 | URL fetching can be used to exfiltrate arbitrary INI file values and environment variables |
| CVE-2024-45100 | 2025-01-07 | IBM Security QRadar EDR denial of service |
| CVE-2024-12738 | 2025-01-07 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-12131 | 2025-01-07 | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2025-0294 | 2025-01-07 | SourceCodester Home Clean Services Management System process.php sql injection |
| CVE-2025-0295 | 2025-01-07 | code-projects Online Book Shop booklist.php cross site scripting |
| CVE-2025-0296 | 2025-01-07 | code-projects Online Book Shop booklist.php sql injection |