CVE List - 2025 / April
Showing 101 - 200 of 4038 CVEs for April 2025 (Page 2 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-3084 | 2025-04-01 | MongoDB Server may crash due to improper validation of explain command |
| CVE-2025-30177 | 2025-04-01 | Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering |
| CVE-2025-3085 | 2025-04-01 | MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked |
| CVE-2025-1658 | 2025-04-01 | DWFX File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-1659 | 2025-04-01 | DWFX File Parsing Out-of-Bounds Read Vulnerability |
| CVE-2025-3028 | 2025-04-01 | JavaScript code running while transforming a document with the XSLTProcessor... |
| CVE-2025-3029 | 2025-04-01 | A crafted URL containing specific Unicode characters could have hidden... |
| CVE-2025-3030 | 2025-04-01 | Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox... |
| CVE-2025-3031 | 2025-04-01 | An attacker could read 32 bits of values spilled onto... |
| CVE-2025-3032 | 2025-04-01 | Leaking of file descriptors from the fork server to web... |
| CVE-2025-3033 | 2025-04-01 | After selecting a malicious Windows `.url` shortcut from the local... |
| CVE-2025-3034 | 2025-04-01 | Memory safety bugs present in Firefox 136 and Thunderbird 136.... |
| CVE-2025-3035 | 2025-04-01 | By first using the AI chatbot in one tab and... |
| CVE-2025-1660 | 2025-04-01 | DWFX File Parsing Memory Corruption Vulnerability |
| CVE-2025-22231 | 2025-04-01 | VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231) |
| CVE-2025-31408 | 2025-04-01 | WordPress Zoho Flow plugin <= 2.13.3 - Broken Access Control vulnerability |
| CVE-2025-30210 | 2025-04-01 | Bruno XSS On Environment Name |
| CVE-2025-30354 | 2025-04-01 | Bruno ignores Safe-Mode in Asserts expressions |
| CVE-2025-30224 | 2025-04-01 | MyDumper arbitrary file read issue |
| CVE-2025-30676 | 2025-04-01 | Apache OFBiz: Stored XSS Vulnerability |
| CVE-2025-31730 | 2025-04-01 | WordPress Marketer Addons Plugin <= 1.0.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31731 | 2025-04-01 | WordPress Author Bio Shortcode Plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31732 | 2025-04-01 | WordPress GB Gallery Slideshow plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-31733 | 2025-04-01 | WordPress WP Sitemap Plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31734 | 2025-04-01 | WordPress Simple Post Expiration plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31735 | 2025-04-01 | WordPress Footnotes for WordPress plugin <= 2016.1230 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31737 | 2025-04-01 | WordPress Client Showcase plugin <= 1.2.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31738 | 2025-04-01 | WordPress LeadQuizzes Plugin <= 1.1.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31740 | 2025-04-01 | WordPress News, Magazine and Blog Elements Plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31741 | 2025-04-01 | WordPress Easy Magazine plugin <= 2.1.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31742 | 2025-04-01 | WordPress Dima Take Action Plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31743 | 2025-04-01 | WordPress Lightweight and Responsive Youtube Embed Plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31744 | 2025-04-01 | WordPress Lightweight and Responsive Youtube Embed plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31745 | 2025-04-01 | WordPress Subscription Form for Feedblitz Plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31747 | 2025-04-01 | WordPress WP Chrono plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31748 | 2025-04-01 | WordPress Opal Portfolio Plugin <= 1.0.4 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31749 | 2025-04-01 | WordPress HMH Footer Builder For Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31750 | 2025-04-01 | WordPress Breaking News WP Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31751 | 2025-04-01 | WordPress Breaking News WP Plugin <= 1.3 - CSRF to Settings Change vulnerability |
| CVE-2025-31752 | 2025-04-01 | WordPress Bulk Fields Editor plugin <= 1.8.0 - Broken Access Control vulnerability |
| CVE-2025-31754 | 2025-04-01 | WordPress DobsonDev Shortcodes plugin <= 2.1.12 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31755 | 2025-04-01 | WordPress pCloud Backup plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-31756 | 2025-04-01 | WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31757 | 2025-04-01 | WordPress Free Woocommerce Product Table View plugin <= 1.78 - Broken Access Control vulnerability |
| CVE-2025-31759 | 2025-04-01 | WordPress Boo Recipes plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31760 | 2025-04-01 | WordPress SnapWidget Social Photo Feed Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31761 | 2025-04-01 | WordPress Hypotext plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31762 | 2025-04-01 | WordPress Sheet2Site plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31763 | 2025-04-01 | WordPress Cache control by Cacholong Plugin <= 5.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31764 | 2025-04-01 | WordPress Cache control by Cacholong plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31765 | 2025-04-01 | WordPress GDPR Cookie Notice plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2025-31766 | 2025-04-01 | WordPress PhotoShelter for Photographers Blog Feed plugin <= 1.5.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31767 | 2025-04-01 | WordPress Post Custom Templates Lite plugin <= 1.14 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31769 | 2025-04-01 | WordPress CLP – Custom Login Page by NiteoThemes plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31770 | 2025-04-01 | WordPress Content Manager Light plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31771 | 2025-04-01 | WordPress Team Members for Elementor Page Builder plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31772 | 2025-04-01 | WordPress WP Modal Popup with Cookie Integration plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31773 | 2025-04-01 | WordPress Ship Per Product plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2025-31774 | 2025-04-01 | WordPress Astra Security Suite plugin<= 0.2 - Broken Access Control vulnerability |
| CVE-2025-31775 | 2025-04-01 | WordPress Google SEO Pressor for Rich snippets Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31776 | 2025-04-01 | WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31777 | 2025-04-01 | WordPress Clockinator Lite plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-31778 | 2025-04-01 | WordPress Donate Me Plugin <= 1.2.5 - Stored Cross-Site Scripting vulnerability |
| CVE-2025-31779 | 2025-04-01 | WordPress Query Wrangler plugin <= 1.5.53 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31780 | 2025-04-01 | WordPress Append Content plugin <= 2.1.1 - CSRF to Settings Change vulnerability |
| CVE-2025-31781 | 2025-04-01 | WordPress Gift Cards for WooCommerce plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2025-31782 | 2025-04-01 | WordPress mb.YTPlayer plugin <= 3.3.8 - Broken Access Control vulnerability |
| CVE-2025-31783 | 2025-04-01 | WordPress Leartes TRY Exchange Rates Plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31784 | 2025-04-01 | WordPress Embed Extended – Embed Maps, Videos, Websites, Source Codes, and more Plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31785 | 2025-04-01 | WordPress Clearbit Reveal plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31786 | 2025-04-01 | WordPress Simple Icons plugin <= 2.8.4 - Broken Access Control vulnerability |
| CVE-2025-31787 | 2025-04-01 | WordPress Cue by AudioTheme.com plugin <= 2.4.4 - Broken Access Control vulnerability |
| CVE-2025-31788 | 2025-04-01 | WordPress AIO Performance Profiler, Monitor, Optimize, Compress & Debug plugin <= 1.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-31790 | 2025-04-01 | WordPress Posten plugin <= 0.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31791 | 2025-04-01 | WordPress Pin Generator Plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-31792 | 2025-04-01 | WordPress Piotnet Forms plugin <= 1.0.30 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31793 | 2025-04-01 | WordPress Piotnet Forms plugin <= 1.0.30 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31796 | 2025-04-01 | WordPress ElementsCSS Addons for Elementor plugin <= 1.0.8.7 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-31797 | 2025-04-01 | WordPress Sprout Clients plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31798 | 2025-04-01 | WordPress Publitio Plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-31799 | 2025-04-01 | WordPress Publitio plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-31801 | 2025-04-01 | WordPress MX Time Zone Clocks plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31802 | 2025-04-01 | WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Settings Change vulnerability |
| CVE-2025-31803 | 2025-04-01 | WordPress Turisbook Booking System plugin <= 1.3.7 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31804 | 2025-04-01 | WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31805 | 2025-04-01 | WordPress Gutena Kit plugin <= 2.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31806 | 2025-04-01 | WordPress Webling Plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31807 | 2025-04-01 | WordPress Product Notices for WooCommerce plugin <= 1.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31808 | 2025-04-01 | WordPress SCSS WP Editor Plugin <= 1.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31809 | 2025-04-01 | WordPress Labinator Content Types Duplicator Plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31810 | 2025-04-01 | WordPress Question Answer Plugin <= 1.2.70 - Broken Access Control vulnerability |
| CVE-2025-31811 | 2025-04-01 | WordPress Planyo online reservation system plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31812 | 2025-04-01 | WordPress BuddyPress Members Only plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31813 | 2025-04-01 | WordPress WPSHARE247 Elementor Addons plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31814 | 2025-04-01 | WordPress OwnerRez Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-31815 | 2025-04-01 | WordPress Design Blocks plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31816 | 2025-04-01 | WordPress Mobile App Canvas Plugin <= 3.8.1 - Broken Access Control vulnerability |
| CVE-2025-31817 | 2025-04-01 | WordPress BlockWheels plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31818 | 2025-04-01 | WordPress ContentBot AI Writer plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31820 | 2025-04-01 | WordPress Automatic Featured Images from Videos plugin <= 1.2.4 - Broken Access Control vulnerability |