CVE List - 2025 / April
Showing 1601 - 1700 of 4038 CVEs for April 2025 (Page 17 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-32616 | 2025-04-09 | WordPress Nimbata Call Tracking plugin <= 1.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32612 | 2025-04-09 | WordPress User Session Synchronizer plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32610 | 2025-04-09 | WordPress Foliopress WYSIWYG plugin <= 2.6.18 - CSRF to Stored XSS vulnerability |
| CVE-2025-32597 | 2025-04-09 | WordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.4.8 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-32591 | 2025-04-09 | WordPress WP Abstracts Plugin <= 2.7.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-32584 | 2025-04-09 | WordPress Chat2 plugin <= 3.6.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32581 | 2025-04-09 | WordPress WordPress Spam Blocker Plugin <= 2.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-32580 | 2025-04-09 | WordPress DeBounce Email Validator plugin <= 5.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32576 | 2025-04-09 | WordPress WP shop plugin <= 2.6.0 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2025-32575 | 2025-04-09 | WordPress WP w3all phpBB Plugin <= 2.9.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32570 | 2025-04-09 | WordPress ChillPay WooCommerce Plugin <= 2.5.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32563 | 2025-04-09 | WordPress WP Calais Auto Tagger plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32559 | 2025-04-09 | WordPress REVE Chat plugin <= 6.2.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32556 | 2025-04-09 | WordPress Simple Post Meta Manager Plugin <= 1.0.9 - CSRF to Reflected Cross-Site Scripting vulnerability |
| CVE-2025-32555 | 2025-04-09 | WordPress SEO, Nutrition and Print for Recipes by Edamam plugin <= 3.3 - CSRF to Cross-Site Scripting vulnerability |
| CVE-2025-32550 | 2025-04-09 | WordPress Click & Pledge Connect Plugin Plugin <= 2.24080000-WP6.6.1 - SQL Injection vulnerability |
| CVE-2025-32547 | 2025-04-09 | WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability |
| CVE-2025-32543 | 2025-04-09 | WordPress Canonical Attachments Plugin <= 1.7 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32518 | 2025-04-09 | WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32505 | 2025-04-09 | WordPress MultiMailer plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32503 | 2025-04-09 | WordPress Link Shield plugin <= 0.5.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32502 | 2025-04-09 | WordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32501 | 2025-04-09 | WordPress RentSyst plugin <= 2.0.72 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-32500 | 2025-04-09 | WordPress Codescar Radio Widget plugin <= 0.4.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32499 | 2025-04-09 | WordPress Logo Showcase Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerability |
| CVE-2025-32498 | 2025-04-09 | WordPress VKontakte Cross-Post plugin <= 0.3.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32497 | 2025-04-09 | WordPress Spoiler Block plugin <= 1.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32496 | 2025-04-09 | WordPress Ultra Demo Importer plugin <= 1.0.5 - CSRF to RCE vulnerability |
| CVE-2025-32495 | 2025-04-09 | WordPress Waymark <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32494 | 2025-04-09 | WordPress reCAPTCHA Jetpack <= 0.2.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32493 | 2025-04-09 | WordPress BP Social Connect <= 1.6.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32492 | 2025-04-09 | WordPress Admin Menu Post List <= 2.0.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32489 | 2025-04-09 | WordPress Wetterwarner <= 2.7.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32488 | 2025-04-09 | WordPress Aria Font <= 1.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32487 | 2025-04-09 | WordPress Waymark <= 1.5.2 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-32485 | 2025-04-09 | WordPress WP Performance Pack <= 2.5.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-32484 | 2025-04-09 | WordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32483 | 2025-04-09 | WordPress Request Call Back <= 1.4.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32482 | 2025-04-09 | WordPress Custom Smilies plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-32481 | 2025-04-09 | WordPress Nino Social Connect plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-32480 | 2025-04-09 | WordPress Windows Live Writer plugin <= 0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32479 | 2025-04-09 | WordPress Flags Widget plugin <= 1.0.7 - CSRF to Stored XSS vulnerability |
| CVE-2025-32478 | 2025-04-09 | WordPress WP SexyLightBox plugin <= 0.5.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-32477 | 2025-04-09 | WordPress WP-Easy Menu plugin <= 0.41 - CSRF to Stored XSS vulnerability |
| CVE-2025-32476 | 2025-04-09 | WordPress Advanced Tag Lists plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2025-31404 | 2025-04-09 | WordPress AF Tell a Friend plugin <= 1.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31402 | 2025-04-09 | WordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerability |
| CVE-2025-31401 | 2025-04-09 | WordPress MMX – Make Me Christmas plugin <= 1.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31400 | 2025-04-09 | WordPress WS Audio Player plugin <= 1.1.8 - CSRF to Stored XSS vulnerability |
| CVE-2025-31399 | 2025-04-09 | WordPress CG Scroll To Top plugin <= 3.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-31395 | 2025-04-09 | WordPress Easy Custom CSS plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31394 | 2025-04-09 | WordPress More Mime Type Filters plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31393 | 2025-04-09 | WordPress Social Bookmarking RELOADED plugin <= 3.18 - CSRF to Stored XSS vulnerability |
| CVE-2025-31392 | 2025-04-09 | WordPress Smart Product Gallery Slider plugin <= 1.0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31391 | 2025-04-09 | WordPress Script Compressor plugin <= 1.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31390 | 2025-04-09 | WordPress Social Crowd plugin <= 0.9.6.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31388 | 2025-04-09 | WordPress The World plugin <= 0.4 - CSRF to Stored XSS vulnerability |
| CVE-2025-31382 | 2025-04-09 | WordPress Language Field plugin <= 0.9 - CSRF to Stored XSS vulnerability |
| CVE-2025-31377 | 2025-04-09 | WordPress Woo Product Feed For Marketing Channels <= 1.9.0 - Broken Access Control Vulnerability |
| CVE-2025-31375 | 2025-04-09 | WordPress Scheduled plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-31042 | 2025-04-09 | WordPress Sandwich Adsense <= 4.0.2 - Broken Access Control Vulnerability |
| CVE-2025-31038 | 2025-04-09 | WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31036 | 2025-04-09 | WordPress WPSolr plugin <= 24.0 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31035 | 2025-04-09 | WordPress WP Editor.md – The Perfect WordPress Markdown Editor <= 10.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31034 | 2025-04-09 | WordPress Customize Login Page plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-31033 | 2025-04-09 | WordPress Buddypress Humanity plugin <= 1.2 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31032 | 2025-04-09 | WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-31026 | 2025-04-09 | WordPress Comment Validation Reloaded plugin <= 0.5 - CSRF to Stored XSS vulnerability |
| CVE-2025-31023 | 2025-04-09 | WordPress Seo Meta Tags plugin <= 1.4 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-31020 | 2025-04-09 | WordPress Simple Spoiler <= 1.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31017 | 2025-04-09 | WordPress Nav Menu Manager <= 3.2.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31012 | 2025-04-09 | WordPress Age Gate <= 3.5.4 - Broken Access Control Vulnerability |
| CVE-2025-31009 | 2025-04-09 | WordPress IndieBlocks <= 0.13.1 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-31008 | 2025-04-09 | WordPress YouTube Embed <= 5.3.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31005 | 2025-04-09 | WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31004 | 2025-04-09 | WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-31003 | 2025-04-09 | WordPress Squeeze plugin <= 1.6 - Full Path Disclosure (FPD) vulnerability |
| CVE-2025-31002 | 2025-04-09 | WordPress Squeeze plugin <= 1.6 - Arbitrary File Upload vulnerability |
| CVE-2025-31385 | 2025-04-09 | WordPress Site Table of Contents plugin <= 0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-31383 | 2025-04-09 | WordPress FrescoChat Live Chat plugin <= 3.2.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-32695 | 2025-04-09 | WordPress Checkout Mestres WP <= 8.7.5 - Privilege Escalation Vulnerability |
| CVE-2025-3114 | 2025-04-09 | Spotfire Code Execution Vulnerability |
| CVE-2025-3475 | 2025-04-09 | WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030 |
| CVE-2025-3131 | 2025-04-09 | ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031 |
| CVE-2025-3474 | 2025-04-09 | Panels - Critical - Access bypass - SA-CONTRIB-2025-033 |
| CVE-2025-3115 | 2025-04-09 | Spotfire Data Function Vulnerability |
| CVE-2025-2629 | 2025-04-09 | DLL Hijacking Vulnerability in NI LabVIEW When Loading NI Error Reporting |
| CVE-2025-2630 | 2025-04-09 | DLL Hijacking Vulnerability in NI LabVIEW |
| CVE-2025-2631 | 2025-04-09 | Out of Bounds Write Vulnerability in NI LabVIEW in InitCPUInformation() |
| CVE-2025-2632 | 2025-04-09 | Out of Bounds Write Vulnerability in NI LabVIEW reading CPU info from cache |
| CVE-2025-26901 | 2025-04-09 | WordPress Brizy Pro plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2025-26902 | 2025-04-09 | WordPress Brizy Pro plugin <= 2.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-26888 | 2025-04-09 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.8 - Broken Access Control vulnerability |
| CVE-2025-21591 | 2025-04-09 | Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash |
| CVE-2025-21594 | 2025-04-09 | Junos OS: MX Series: In DS-lite and NAT scenario receipt of crafted IPv6 traffic causes port block |
| CVE-2025-21595 | 2025-04-09 | Junos OS and Junos OS Evolved: In an EVPN-VXLAN scenario specific ARP or NDP packets cause FPC to crash |
| CVE-2025-21597 | 2025-04-09 | Junos OS and Junos OS Evolved: When BGP rib-sharding and update-threading are configured and a peer flaps, an rpd core is observed |
| CVE-2025-21601 | 2025-04-09 | Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device |
| CVE-2025-30644 | 2025-04-09 | Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled |
| CVE-2025-30645 | 2025-04-09 | Junos OS: SRX Series: Transmission of specific control traffic sent out of a DS-Lite tunnel results in flowd crash |