CVE List - 2025 / April
Showing 2801 - 2900 of 4038 CVEs for April 2025 (Page 29 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-39432 | 2025-04-17 | WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability |
| CVE-2025-39431 | 2025-04-17 | WordPress Amazon Showcase WordPress Plugin plugin <= 2.2 - CSRF to XSS vulnerability |
| CVE-2025-39430 | 2025-04-17 | WordPress mLanguage plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39429 | 2025-04-17 | WordPress Széchenyi 2020 Logo <= 1.1 - Local File Inclusion Vulnerability |
| CVE-2025-39428 | 2025-04-17 | WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39427 | 2025-04-17 | WordPress WP Post to PDF Enhanced plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39426 | 2025-04-17 | WordPress illow – Cookies Consent plugin <= 0.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39425 | 2025-04-17 | WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-39424 | 2025-04-17 | WordPress Simple Maps plugin <= 0.98 - CSRF to XSS vulnerability |
| CVE-2025-39423 | 2025-04-17 | WordPress Add to Header plugin <= 1.0 - CSRF to XSS vulnerability |
| CVE-2025-39422 | 2025-04-17 | WordPress WP Social Bookmarking plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39421 | 2025-04-17 | WordPress WP Sticky Side Buttons plugin <= 2.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39420 | 2025-04-17 | WordPress WP Twitter Button plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39419 | 2025-04-17 | WordPress Revision Diet plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-39418 | 2025-04-17 | WordPress RSS Manager plugin <= 0.06 - CSRF to Stored XSS vulnerability |
| CVE-2025-39417 | 2025-04-17 | WordPress Redirect wordpress to welcome or landing page plugin <= 2.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-39416 | 2025-04-17 | WordPress translit it! plugin <= 1.6 - CSRF to Stored XSS vulnerability |
| CVE-2025-39415 | 2025-04-17 | WordPress Social Media Links plugin <= 1.0.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-39414 | 2025-04-17 | WordPress spam-stopper plugin <= 3.1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-26968 | 2025-04-17 | WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability |
| CVE-2025-22796 | 2025-04-17 | WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22774 | 2025-04-17 | WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22771 | 2025-04-17 | WordPress The Great Firewords of China plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22692 | 2025-04-17 | WordPress Sponsered Link plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22655 | 2025-04-17 | WordPress CWD - Stealth Links plugin <= 1.3 - SQL Injection vulnerability |
| CVE-2025-22651 | 2025-04-17 | WordPress Stylish Google Sheet Reader plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22636 | 2025-04-17 | WordPress VR-Frases plugin <= 3.0.1 - Reflected XSS to SQL Injection vulnerability |
| CVE-2025-22565 | 2025-04-17 | WordPress vooPlayer v4 Plugin <= 4.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22340 | 2025-04-17 | WordPress Data Dash plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-12530 | 2025-04-17 | Insecure Dynamic-Link Library (DLL) Load vulnerability |
| CVE-2025-39596 | 2025-04-17 | WordPress Quentn WP <= 1.2.8 - Privilege Escalation Vulnerability |
| CVE-2025-39595 | 2025-04-17 | WordPress Quentn WP <= 1.2.8 - SQL Injection Vulnerability |
| CVE-2025-39594 | 2025-04-17 | WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39588 | 2025-04-17 | WordPress Ultimate Store Kit Elementor Addons <= 2.4.0 - Deserialization of untrusted data Vulnerability |
| CVE-2025-39587 | 2025-04-17 | WordPress Cost Calculator Builder <= 3.2.65 - SQL Injection Vulnerability |
| CVE-2025-39586 | 2025-04-17 | WordPress ProfileGrid <= 5.9.4.8 - SQL Injection Vulnerability |
| CVE-2025-39583 | 2025-04-17 | WordPress BERTHA AI <= 1.12.10.2 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-39580 | 2025-04-17 | WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability |
| CVE-2025-39569 | 2025-04-17 | WordPress Taskbuilder <= 4.0.1 - SQL Injection Vulnerability |
| CVE-2025-39568 | 2025-04-17 | WordPress StoreContrl Woocommerce <= 4.1.3 - Arbitrary File Download Vulnerability |
| CVE-2025-39567 | 2025-04-17 | WordPress Web Directory Free plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39562 | 2025-04-17 | WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-39559 | 2025-04-17 | WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability |
| CVE-2025-39558 | 2025-04-17 | WordPress CRM Perks plugin <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39554 | 2025-04-17 | WordPress AI Text to Speech plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2025-39551 | 2025-04-17 | WordPress FluentBoards <= 1.47 - PHP Object Injection Vulnerability |
| CVE-2025-39550 | 2025-04-17 | WordPress FluentCommunity <= 1.2.15 - PHP Object Injection Vulnerability |
| CVE-2025-39542 | 2025-04-17 | WordPress Xelion Webchat <= 9.1.0 - Privilege Escalation Vulnerability |
| CVE-2025-39535 | 2025-04-17 | WordPress Vitepos <= 3.1.7 - Broken Authentication Vulnerability |
| CVE-2025-39533 | 2025-04-17 | WordPress Starfish Review Generation & Marketing plugin <= 3.1.14 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-39532 | 2025-04-17 | WordPress Spice Blocks <= 2.0.7.1 - Broken Access Control Vulnerability |
| CVE-2025-39527 | 2025-04-17 | WordPress Rating by BestWebSoft <= 1.7 - PHP Object Injection Vulnerability |
| CVE-2025-39526 | 2025-04-17 | WordPress Hotel Booking Plugin <= 3.6 - Local File Inclusion vulnerability |
| CVE-2025-39521 | 2025-04-17 | WordPress Contact Form vCard Generator plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39519 | 2025-04-17 | WordPress Bulk Page Stub Creator plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32686 | 2025-04-17 | WordPress Team Members <= 3.4.0 - PHP Object Injection Vulnerability |
| CVE-2025-32682 | 2025-04-17 | WordPress MapSVG Lite plugin <= 8.5.34 - Arbitrary File Upload Vulnerability |
| CVE-2025-32674 | 2025-04-17 | WordPress Product Excel Import Export & Bulk Edit for WooCommerce plugin <= 4.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-32670 | 2025-04-17 | WordPress Spark GF Failed Submissions plugin <= 1.3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32666 | 2025-04-17 | WordPress Hive Support plugin <= 1.2.2- Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32665 | 2025-04-17 | WordPress Office Locator plugin <= 1.3.0 - SQL Injection vulnerability |
| CVE-2025-32662 | 2025-04-17 | WordPress uListing plugin <= 2.2.0 - Deserialization of untrusted data vulnerability |
| CVE-2025-32660 | 2025-04-17 | WordPress JS Job Manager plugin <= 2.0.2 - Arbitrary File Upload vulnerability |
| CVE-2025-32658 | 2025-04-17 | WordPress HelpGent plugin <= 2.2.4 - PHP Object Injection vulnerability |
| CVE-2025-32655 | 2025-04-17 | WordPress Restrict User Registration plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-32653 | 2025-04-17 | WordPress Cart66 Cloud Plugin <= 2.3.7 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32652 | 2025-04-17 | WordPress Solace Extra plugin <= 1.3.1 - Arbitrary File Upload vulnerability |
| CVE-2025-32651 | 2025-04-17 | WordPress SERPed.net Plugin <= 4.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32649 | 2025-04-17 | WordPress GB Gallery Slideshow Plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32648 | 2025-04-17 | WordPress Projectopia - Project Magement Plugin <= 5.1.16 - Privilege Escalation vulnerability |
| CVE-2025-32647 | 2025-04-17 | WordPress Question Answer Plugin <= 1.2.70 - PHP Object Injection vulnerability |
| CVE-2025-32646 | 2025-04-17 | WordPress Question Answer Plugin <= 1.2.70 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32639 | 2025-04-17 | WordPress Affiliate Links plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32638 | 2025-04-17 | WordPress ShopApper plugin <= 0.4.39 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32637 | 2025-04-17 | WordPress WP Donate Plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32636 | 2025-04-17 | WordPress Local Magic Plugin <= 2.6.0 - SQL Injection vulnerability |
| CVE-2025-32635 | 2025-04-17 | WordPress Hive Support plugin <= 1.2.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-32634 | 2025-04-17 | WordPress Run Contests, Raffles, and Giveaways Plugin <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32630 | 2025-04-17 | WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32628 | 2025-04-17 | WordPress Crowdfunding for WooCommerce Plugin <= 3.1.12 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32626 | 2025-04-17 | WordPress JS Job Manager plugin <= 2.0.2 - SQL Injection vulnerability |
| CVE-2025-32625 | 2025-04-17 | WordPress Mobile Blocks Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32622 | 2025-04-17 | WordPress OTP-less one tap Sign in Plugin <= 2.0.58 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32620 | 2025-04-17 | WordPress Doppler Forms plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2025-32615 | 2025-04-17 | WordPress Clinked Client Portal Plugin <= 1.10 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32613 | 2025-04-17 | WordPress Debug Log Manager plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32611 | 2025-04-17 | WordPress WooCommerce TBC Credit Card Payment Gateway (Free) Plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32609 | 2025-04-17 | WordPress Verowa Connect Plugin <= 3.0.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32608 | 2025-04-17 | WordPress Movylo Marketing Automation Plugin <= 2.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32606 | 2025-04-17 | WordPress Listings for Buildium plugin <= 0.1.4 - CSRF to Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2025-32605 | 2025-04-17 | WordPress MemberPress Discord Addon Plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32604 | 2025-04-17 | WordPress AWSA Shipping Plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32602 | 2025-04-17 | WordPress WooMS Plugin <= 9.12 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32596 | 2025-04-17 | WordPress Real Estate Manager plugin <= 7.3 - Arbitrary Code Execution vulnerability |
| CVE-2025-32594 | 2025-04-17 | WordPress Simple WP Events plugin <= 1.8.17 - Sensitive Data Exposure vulnerability |
| CVE-2025-32593 | 2025-04-17 | WordPress Add Product Frontend for WooCommerce plugin <= 1.0.6 - Arbitrary Content Deletion vulnerability |
| CVE-2025-32592 | 2025-04-17 | WordPress TableOn Plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32590 | 2025-04-17 | WordPress Web2application Plugin <= 5.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32588 | 2025-04-17 | WordPress Credova_Financial plugin <= 2.4.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32583 | 2025-04-17 | WordPress PDF 2 Post Plugin <= 2.4.0 - Remote Code Execution (RCE) vulnerability |