VULNMAP - Security Vulnerabilities

CVE List - 2025 / January

Showing 701 - 800 of 4274 CVEs for January 2025 (Page 8 of 43)

CVE ID Date Title
CVE-2025-22593 2025-01-07 WordPress Laika Pedigree Tree plugin <= 1.4 - CSRF to Stored XSS vulnerability
CVE-2025-22592 2025-01-07 WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability
CVE-2025-22591 2025-01-07 WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability
CVE-2025-22590 2025-01-07 WordPress Prayer Times Anywhere plugin <= 2.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-22589 2025-01-07 WordPress Quote Tweet plugin <= 0.7 - CSRF to Stored XSS vulnerability
CVE-2025-22585 2025-01-07 WordPress Ultimate Image Hover Effects plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22584 2025-01-07 WordPress Timeline Pro plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22582 2025-01-07 WordPress Uptime Robot plugin <= 0.1.3 - CSRF to Stored XSS vulnerability
CVE-2025-22581 2025-01-07 WordPress Arcade Ready plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22580 2025-01-07 WordPress Biltorvet Dealer Tools plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22579 2025-01-07 WordPress WP Header Notification plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22578 2025-01-07 WordPress WP Cookie plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22577 2025-01-07 WordPress Able Player plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22574 2025-01-07 WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22573 2025-01-07 WordPress Icons Enricher plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22572 2025-01-07 WordPress Legacy ePlayer plugin <= 0.9.9 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22571 2025-01-07 WordPress Instabot plugin <= 1.10 - CSRF to Stored XSS vulnerability
CVE-2025-22563 2025-01-07 WordPress Pretty Urls Plugin <= 1.5.4 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-22562 2025-01-07 WordPress Title Experiments Free plugin <= 9.0.4 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-22560 2025-01-07 WordPress Saoshyant Page Builder plugin <= 3.8 - Broken Access Control vulnerability
CVE-2025-22559 2025-01-07 WordPress TubePress.NET Plugin <= 4.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-22558 2025-01-07 WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22557 2025-01-07 WordPress News Publisher Autopilot plugin <= 2.1.4 - CSRF to Stored XSS vulnerability
CVE-2025-22556 2025-01-07 WordPress Norse Rune Oracle plugin <= 1.4.1 - CSRF to Stored XSS vulnerability
CVE-2025-22555 2025-01-07 WordPress Smoothness Slider Shortcode plugin <= v1.2.2 - CSRF to Stored XSS vulnerability
CVE-2025-22554 2025-01-07 WordPress Video Embed Optimizer plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22552 2025-01-07 WordPress Affiliate Disclosure Statement plugin <= 0.3 - CSRF to Stored XSS vulnerability
CVE-2025-22551 2025-01-07 WordPress Boot-Modal plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22550 2025-01-07 WordPress AddFunc Mobile Detect plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22549 2025-01-07 WordPress WP Github plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22548 2025-01-07 WordPress ldap_login_password_and_role_manager plugin <= 1.0.12 - CSRF to Stored XSS vulnerability
CVE-2025-22547 2025-01-07 WordPress JK Html To Pdf plugin <= 1.0.0 - CSRF to Stored XSS vulnerability
CVE-2025-22546 2025-01-07 WordPress jQuery TwentyTwenty plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22545 2025-01-07 WordPress iframe to embed plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22544 2025-01-07 WordPress Mind Doodle Visual Sitemaps & Tasks plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22543 2025-01-07 WordPress ST Gallery WP plugin <= 1.0.8 - Settings Change vulnerability
CVE-2025-22541 2025-01-07 WordPress WP Delete Post Copies plugin <= 5.5 - Broken Access Control vulnerability
CVE-2025-22538 2025-01-07 WordPress Virtual Bot Plugin <= 1.0.0 - CSRF Cross Site Scripting (XSS) vulnerability
CVE-2025-22536 2025-01-07 WordPress WP Music Player Plugin <= 1.3 - SQL Injection vulnerability
CVE-2025-22534 2025-01-07 WordPress Slides & Presentations Plugin <= 0.0.39 - Broken Access Control vulnerability
CVE-2025-22533 2025-01-07 WordPress WOOEXIM Plugin <= 5.0.0 - SQL Injection vulnerability
CVE-2025-22532 2025-01-07 WordPress Simple Photo Sphere plugin <= 0.0.10 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22531 2025-01-07 WordPress Urdu Formatter – Shamil plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22530 2025-01-07 WordPress 아임포트 결제버튼 생성 플러그인 plugin <= 1.1.19 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22529 2025-01-07 WordPress WE Blocks <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22528 2025-01-07 WordPress Huurkalender WP Plugin <= 1.5.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22525 2025-01-07 WordPress Donation Block For PayPal Plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22524 2025-01-07 WordPress فرم ساز فرم افزار Plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22522 2025-01-07 WordPress SingSong plugin <= 1.2 - CSRF to Stored XSS vulnerability
CVE-2025-22520 2025-01-07 WordPress Tock Widget Plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-22519 2025-01-07 WordPress eDoc Easy Tables Plugin <= 1.29 - SQL Injection vulnerability
CVE-2025-22518 2025-01-07 WordPress Justified Image Gallery plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22517 2025-01-07 WordPress List Pages at Depth plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22516 2025-01-07 WordPress Metadata SEO plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22515 2025-01-07 WordPress Show Google Analytics widget plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22512 2025-01-07 WordPress Help Scout Plugin <= 6.5.1 - Broken Access Control vulnerability
CVE-2025-22511 2025-01-07 WordPress Slides & Presentations Plugin <= 0.0.39 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22507 2025-01-07 WordPress WPMU Prefill Post Plugin <= 1.02 - SQL Injection vulnerability
CVE-2025-22503 2025-01-07 WordPress Admin debug wordpress – enable debug Plugin <= 1.0.13 - Cross Site Request Forgery vulnerability
CVE-2025-22502 2025-01-07 WordPress MindValley Super PageMash Plugin <= 1.1 - SQL Injection vulnerability
CVE-2025-22338 2025-01-07 WordPress WP-tagMaker plugin <= 0.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22335 2025-01-07 WordPress Opencart Product in WP plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22294 2025-01-07 WordPress Custom Field For WP Job Manager plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-56056 2025-01-07 WordPress SimpleCharm Theme <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-53800 2025-01-07 WordPress Rezgo Online Booking plugin <= 4.15 - Local File Inclusion vulnerability
CVE-2025-0297 2025-01-07 code-projects Online Book Shop detail.php sql injection
CVE-2024-52813 2025-01-07 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
CVE-2025-21622 2025-01-07 ClipBucket V5 Avatar URL Path Traversal to Arbitrary File Delete
CVE-2025-21623 2025-01-07 ClipBucket V5 Unauthenticated Template Directory Update to Denial-of-Service
CVE-2025-21624 2025-01-07 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution
CVE-2024-25037 2025-01-07 IBM Cognos Controller information disclosure
CVE-2024-28778 2025-01-07 IBM Cognos Controller information disclosure
CVE-2025-0298 2025-01-07 code-projects Online Book Shop process_login.php sql injection
CVE-2024-40702 2025-01-07 IBM Cognos Controller improper certificate validation
CVE-2021-20455 2025-01-07 IBM Cognos Controller information disclosure
CVE-2022-22363 2025-01-07 IBM Cognos Controller information disclosure
CVE-2025-0244 2025-01-07 When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects...
CVE-2025-0245 2025-01-07 Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.
CVE-2025-0246 2025-01-07 When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is...
CVE-2025-0237 2025-01-07 The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...
CVE-2025-0238 2025-01-07 Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox...
CVE-2025-0239 2025-01-07 When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird...
CVE-2025-0240 2025-01-07 Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird...
CVE-2025-0241 2025-01-07 When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird...
CVE-2025-0242 2025-01-07 Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and...
CVE-2025-0243 2025-01-07 Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough...
CVE-2025-0247 2025-01-07 Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could...
CVE-2024-8361 2025-01-07 DoS caused due to wrong hash length returned for SHA2/224 algorithm
CVE-2024-40748 2025-01-07 [20250102] - Core - XSS vector in the id attribute of menu lists
CVE-2024-40747 2025-01-07 [20250101] - Core - XSS vectors in module chromes
CVE-2024-40749 2025-01-07 [20250103] - Core - Read ACL violation in multiple core views
CVE-2024-12430 2025-01-07 An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated...
CVE-2025-0299 2025-01-07 code-projects Online Book Shop search_result.php sql injection
CVE-2024-56272 2025-01-07 WordPress Hide Category by User Role for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability
CVE-2024-56270 2025-01-07 WordPress WP SecureSubmit plugin <= 1.5.16 - Sensitive Data Exposure vulnerability
CVE-2025-22621 2025-01-07 Privilege escalation for users who hold the “splunk_app_soar“ role in the Splunk App for SOAR
CVE-2025-22350 2025-01-07 WordPress Indeed Ultimate Learning Pro plugin <= 3.9 - SQL Injection vulnerability
CVE-2025-22500 2025-01-07 WordPress Alpha Price Table For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22365 2025-01-07 WordPress EMC2 Alert Boxes Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-22354 2025-01-07 WordPress Digi Store theme <= 1.1.4 - Cross Site Scripting (XSS) vulnerability