CVE List - 2025 / April

Showing 3501 - 3600 of 4033 CVEs for April 2025 (Page 36 of 41)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-46504	2025-04-24	WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability
CVE-2025-46506	2025-04-24	WordPress WpZon – Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerability
CVE-2025-46508	2025-04-24	WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability
CVE-2025-46510	2025-04-24	WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability
CVE-2025-46512	2025-04-24	WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability
CVE-2025-46514	2025-04-24	WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability
CVE-2025-46516	2025-04-24	WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-46520	2025-04-24	WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-46522	2025-04-24	WordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-46524	2025-04-24	WordPress WP Filter Post Category plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-46528	2025-04-24	WordPress Availability Calendar <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46530	2025-04-24	WordPress Hacklog Remote Attachment <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46532	2025-04-24	WordPress Tooltip <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46534	2025-04-24	WordPress Image Style Hover <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46536	2025-04-24	WordPress Carousel-of-post-images <= 1.07 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46538	2025-04-24	WordPress Inline Text Popup <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46540	2025-04-24	WordPress GNA Search Shortcode <= 0.9.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46542	2025-04-24	WordPress Xpert Tab <= 1.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46438	2025-04-24	WordPress GTDB Guitar Tuners <= 4.2.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46445	2025-04-24	WordPress External Markdown <= 0.0.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46449	2025-04-24	WordPress WoWHead Tooltips <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46453	2025-04-24	WordPress Zoho Creator Forms <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46457	2025-04-24	WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability
CVE-2025-46461	2025-04-24	WordPress RRSSB <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46467	2025-04-24	WordPress RAphicon <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46471	2025-04-24	WordPress WP Custom Post Popup <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46475	2025-04-24	WordPress Able Player <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46479	2025-04-24	WordPress BBCode Deluxe <= 2020.08.01.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46483	2025-04-24	WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46491	2025-04-24	WordPress Multi-Column Taxonomy List <= 1.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46496	2025-04-24	WordPress Mini twitter feed <= 3.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46501	2025-04-24	WordPress Mixcloud Embed <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46505	2025-04-24	WordPress Peekaboo <= 1.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46509	2025-04-24	WordPress 360 View <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46513	2025-04-24	WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-46517	2025-04-24	WordPress Blog Manager WP <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46521	2025-04-24	WordPress WS Force Login Page <= 3.0.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46525	2025-04-24	WordPress WP Cookie Consent <= 1.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46529	2025-04-24	WordPress Business Contact Widget <= 2.7.0 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46533	2025-04-24	WordPress Landing pages and Domain aliases for WordPress <= 0.8 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46541	2025-04-24	WordPress WP-reCAPTCHA-bp <= 4.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46442	2025-04-24	WordPress Loan Calculator plugin <= 1.3 - CSRF to Stored XSS vulnerability
CVE-2025-46451	2025-04-24	WordPress Floating Social Bar <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46459	2025-04-24	WordPress Confirm User Registration <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46469	2025-04-24	WordPress Send From <= 2.2 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46477	2025-04-24	WordPress WP Customize Login Page <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46485	2025-04-24	WordPress WP Customize Login Page <= 1.6.5 - Broken Access Control Vulnerability
CVE-2025-46489	2025-04-24	WordPress Bulk Assign Linked Products For WooCommerce <= 2.1 - Broken Access Control Vulnerability
CVE-2025-46503	2025-04-24	WordPress Simple Google Photos Grid <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-46511	2025-04-24	WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-46519	2025-04-24	WordPress Media Library Downloader <= 1.3.1 - Broken Access Control Vulnerability
CVE-2025-46531	2025-04-24	WordPress WP AVCL Automation Helper (formerly WPFlyLeads) <= 3.4 - Server Side Request Forgery (SSRF) Vulnerability
CVE-2025-46447	2025-04-24	WordPress Fable Extra <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46481	2025-04-24	WordPress Flickr Shortcode Importer <= 2.2.3 - PHP Object Injection Vulnerability
CVE-2025-46507	2025-04-24	WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
CVE-2025-46523	2025-04-24	WordPress COVID-19 (Coronavirus) Update Your Customers <= 1.5.1 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-46473	2025-04-24	WordPress Social Counter <= 2.0.5 - PHP Object Injection Vulnerability
CVE-2025-46498	2025-04-24	WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2024-30148	2025-04-24	HCL Leap is affected by improper access control
CVE-2024-30147	2025-04-24	HCL Leap is affected by a cross-site scripting (XSS) vulnerability
CVE-2024-30114	2025-04-24	HCL Leap is affected by a cross-site scripting (XSS) vulnerability
CVE-2024-30113	2025-04-24	HCL Leap is affected by a cross-site scripting (XSS) vulnerability
CVE-2023-45720	2025-04-24	HCL Leap is affected by a disclosure of private personal information vulnerability
CVE-2023-37534	2025-04-24	HCL Leap is affected by a Cross-site scripting (XSS) vulnerability
CVE-2025-31324	2025-04-24	Missing Authorization check in SAP NetWeaver (Visual Composer development server)
CVE-2025-43858	2025-04-24	YoutubeDLSharp allows command injection on windows system due to non sanitized arguments
CVE-2025-43859	2025-04-24	h11 accepts some malformed Chunked-Encoding bodies
CVE-2025-26382	2025-04-24	Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool
CVE-2024-30127	2025-04-24	HCL Leap is affected by missing "no cache" headers
CVE-2023-37516	2025-04-24	HCL Leap is affected by missing "no cache" headers
CVE-2022-44760	2025-04-24	HCL Leap is affected by an unrestricted upload of file with dangerous type vulnerability
CVE-2022-44759	2025-04-24	HCL Leap is affected by Cross-site scripting (XSS)
CVE-2025-43861	2025-04-24	ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection
CVE-2025-3749	2025-04-24	Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter
CVE-2025-1294	2025-04-24	eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting
CVE-2025-46271	2025-04-24	Planet Technology Network Products OS Command Injection
CVE-2025-46272	2025-04-24	Planet Technology Network Products OS Command Injection
CVE-2025-46273	2025-04-24	Planet Technology Network Products Use of Hard-coded Credentials
CVE-2025-46274	2025-04-24	Planet Technology Network Products Use of Hard-coded Credentials
CVE-2025-46275	2025-04-24	Planet Technology Network Products Missing Authentication for Critical Function
CVE-2025-3606	2025-04-24	Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE-2025-2185	2025-04-24	ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration
CVE-2024-57375	2025-04-25	Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) via certain deselect actions.
CVE-2025-25775	2025-04-25	Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
CVE-2025-28076	2025-04-25	Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter,...
CVE-2025-28128	2025-04-25	An issue in Mytel Telecom Online Account System v1.0 allows attackers to bypass the OTP verification process via a crafted request.
CVE-2025-28354	2025-04-25	An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request.
CVE-2025-32979	2025-04-25	NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.
CVE-2025-32980	2025-04-25	NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.
CVE-2025-32981	2025-04-25	NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File.
CVE-2025-32982	2025-04-25	NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.
CVE-2025-32983	2025-04-25	NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.
CVE-2025-32984	2025-04-25	NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter.
CVE-2025-32985	2025-04-25	NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.
CVE-2025-32986	2025-04-25	NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.
CVE-2025-46544	2025-04-25	In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.
CVE-2025-46545	2025-04-25	In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the...
CVE-2025-46546	2025-04-25	In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/,...
CVE-2025-46547	2025-04-25	In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a...
CVE-2025-46595	2025-04-25	An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any...