CVE List - 2025 / April
Showing 3501 - 3600 of 4038 CVEs for April 2025 (Page 36 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-46480 | 2025-04-24 | WordPress Nepali Post Date <= 5.1.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46484 | 2025-04-24 | WordPress Image Hover Effects For WPBakery Page Builder <= 2.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46492 | 2025-04-24 | WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability |
| CVE-2025-46495 | 2025-04-24 | WordPress Drop Caps plugin <= 2.1 - CSRF to XSS vulnerability |
| CVE-2025-46497 | 2025-04-24 | WordPress Navegg Analytics plugin <= 3.3.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-46499 | 2025-04-24 | WordPress PayPal Express Checkout plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-46502 | 2025-04-24 | WordPress LSD Custom taxonomy and category meta plugin <= 1.3.2 - CSRF to XSS vulnerability |
| CVE-2025-46504 | 2025-04-24 | WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability |
| CVE-2025-46506 | 2025-04-24 | WordPress WpZon – Amazon Affiliate Plugin plugin <= 1.3 - CSRF to XSS vulnerability |
| CVE-2025-46508 | 2025-04-24 | WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-46510 | 2025-04-24 | WordPress Contact Form 7 Calendar plugin <= 3.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46512 | 2025-04-24 | WordPress Custom Functions Plugin plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46514 | 2025-04-24 | WordPress Milat jQuery Automatic Popup plugin <= 1.3.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46516 | 2025-04-24 | WordPress Twitter Card Generator plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46520 | 2025-04-24 | WordPress Related Posts via Taxonomies plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46522 | 2025-04-24 | WordPress Tabs plugin <= 4.0.3 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46524 | 2025-04-24 | WordPress WP Filter Post Category plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46528 | 2025-04-24 | WordPress Availability Calendar <= 0.2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46530 | 2025-04-24 | WordPress Hacklog Remote Attachment <= 1.3.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46532 | 2025-04-24 | WordPress Tooltip <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46534 | 2025-04-24 | WordPress Image Style Hover <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46536 | 2025-04-24 | WordPress Carousel-of-post-images <= 1.07 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46538 | 2025-04-24 | WordPress Inline Text Popup <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46540 | 2025-04-24 | WordPress GNA Search Shortcode <= 0.9.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46542 | 2025-04-24 | WordPress Xpert Tab <= 1.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46438 | 2025-04-24 | WordPress GTDB Guitar Tuners <= 4.2.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46445 | 2025-04-24 | WordPress External Markdown <= 0.0.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46449 | 2025-04-24 | WordPress WoWHead Tooltips <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46453 | 2025-04-24 | WordPress Zoho Creator Forms <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46457 | 2025-04-24 | WordPress Wp Custom CMS Block plugin <= 2.1 - CSRF to Stored XSS vulnerability |
| CVE-2025-46461 | 2025-04-24 | WordPress RRSSB <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46467 | 2025-04-24 | WordPress RAphicon <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46471 | 2025-04-24 | WordPress WP Custom Post Popup <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46475 | 2025-04-24 | WordPress Able Player <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46479 | 2025-04-24 | WordPress BBCode Deluxe <= 2020.08.01.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46483 | 2025-04-24 | WordPress Peadig’s Google +1 Button <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46491 | 2025-04-24 | WordPress Multi-Column Taxonomy List <= 1.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46496 | 2025-04-24 | WordPress Mini twitter feed <= 3.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46501 | 2025-04-24 | WordPress Mixcloud Embed <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46505 | 2025-04-24 | WordPress Peekaboo <= 1.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46509 | 2025-04-24 | WordPress 360 View <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46513 | 2025-04-24 | WordPress All in One Time Clock Lite <= 1.3.324 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-46517 | 2025-04-24 | WordPress Blog Manager WP <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46521 | 2025-04-24 | WordPress WS Force Login Page <= 3.0.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46525 | 2025-04-24 | WordPress WP Cookie Consent <= 1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46529 | 2025-04-24 | WordPress Business Contact Widget <= 2.7.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46533 | 2025-04-24 | WordPress Landing pages and Domain aliases for WordPress <= 0.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46541 | 2025-04-24 | WordPress WP-reCAPTCHA-bp <= 4.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46442 | 2025-04-24 | WordPress Loan Calculator plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2025-46451 | 2025-04-24 | WordPress Floating Social Bar <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46459 | 2025-04-24 | WordPress Confirm User Registration <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46469 | 2025-04-24 | WordPress Send From <= 2.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46477 | 2025-04-24 | WordPress WP Customize Login Page <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46485 | 2025-04-24 | WordPress WP Customize Login Page <= 1.6.5 - Broken Access Control Vulnerability |
| CVE-2025-46489 | 2025-04-24 | WordPress Bulk Assign Linked Products For WooCommerce <= 2.1 - Broken Access Control Vulnerability |
| CVE-2025-46503 | 2025-04-24 | WordPress Simple Google Photos Grid <= 1.5 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-46511 | 2025-04-24 | WordPress BeerXML Shortcode <= 0.71 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-46519 | 2025-04-24 | WordPress Media Library Downloader <= 1.3.1 - Broken Access Control Vulnerability |
| CVE-2025-46531 | 2025-04-24 | WordPress WP AVCL Automation Helper (formerly WPFlyLeads) <= 3.4 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-46447 | 2025-04-24 | WordPress Fable Extra <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46481 | 2025-04-24 | WordPress Flickr Shortcode Importer <= 2.2.3 - PHP Object Injection Vulnerability |
| CVE-2025-46507 | 2025-04-24 | WordPress Unsafe Mimetypes plugin <= 0.1.4 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-46523 | 2025-04-24 | WordPress COVID-19 (Coronavirus) Update Your Customers <= 1.5.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46473 | 2025-04-24 | WordPress Social Counter <= 2.0.5 - PHP Object Injection Vulnerability |
| CVE-2025-46498 | 2025-04-24 | WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2024-30148 | 2025-04-24 | HCL Leap is affected by improper access control |
| CVE-2024-30147 | 2025-04-24 | HCL Leap is affected by a cross-site scripting (XSS) vulnerability |
| CVE-2024-30114 | 2025-04-24 | HCL Leap is affected by a cross-site scripting (XSS) vulnerability |
| CVE-2024-30113 | 2025-04-24 | HCL Leap is affected by a cross-site scripting (XSS) vulnerability |
| CVE-2023-45720 | 2025-04-24 | HCL Leap is affected by a disclosure of private personal information vulnerability |
| CVE-2023-37534 | 2025-04-24 | HCL Leap is affected by a Cross-site scripting (XSS) vulnerability |
| CVE-2025-31324 | 2025-04-24 | Missing Authorization check in SAP NetWeaver (Visual Composer development server) |
| CVE-2025-43858 | 2025-04-24 | YoutubeDLSharp allows command injection on windows system due to non sanitized arguments |
| CVE-2025-43859 | 2025-04-24 | h11 accepts some malformed Chunked-Encoding bodies |
| CVE-2025-26382 | 2025-04-24 | Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool |
| CVE-2024-30127 | 2025-04-24 | HCL Leap is affected by missing "no cache" headers |
| CVE-2023-37516 | 2025-04-24 | HCL Leap is affected by missing "no cache" headers |
| CVE-2022-44760 | 2025-04-24 | HCL Leap is affected by an unrestricted upload of file with dangerous type vulnerability |
| CVE-2022-44759 | 2025-04-24 | HCL Leap is affected by Cross-site scripting (XSS) |
| CVE-2025-43861 | 2025-04-24 | ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection |
| CVE-2025-3749 | 2025-04-24 | Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter |
| CVE-2025-1294 | 2025-04-24 | eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-46271 | 2025-04-24 | Planet Technology Network Products OS Command Injection |
| CVE-2025-46272 | 2025-04-24 | Planet Technology Network Products OS Command Injection |
| CVE-2025-46273 | 2025-04-24 | Planet Technology Network Products Use of Hard-coded Credentials |
| CVE-2025-46274 | 2025-04-24 | Planet Technology Network Products Use of Hard-coded Credentials |
| CVE-2025-46275 | 2025-04-24 | Planet Technology Network Products Missing Authentication for Critical Function |
| CVE-2025-3606 | 2025-04-24 | Vestel AC Charger Exposure of Sensitive System Information to an Unauthorized Control Sphere |
| CVE-2025-2185 | 2025-04-24 | ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration |
| CVE-2024-57375 | 2025-04-25 | Andamiro Pump It Up 20th Anniversary (aka Double X or... |
| CVE-2025-25775 | 2025-04-25 | Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL... |
| CVE-2025-28076 | 2025-04-25 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and... |
| CVE-2025-28128 | 2025-04-25 | An issue in Mytel Telecom Online Account System v1.0 allows... |
| CVE-2025-28354 | 2025-04-25 | An issue in the Printer Manager Systm of Entrust Corp... |
| CVE-2025-32979 | 2025-04-25 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by... |
| CVE-2025-32981 | 2025-04-25 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage... |
| CVE-2025-32982 | 2025-04-25 | NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema... |
| CVE-2025-32983 | 2025-04-25 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via... |
| CVE-2025-32984 | 2025-04-25 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS)... |
| CVE-2025-32985 | 2025-04-25 | NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can... |