CVE List - 2025 / May
Showing 2201 - 2300 of 3984 CVEs for May 2025 (Page 23 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-13357 | 2025-05-15 | Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS |
| CVE-2024-13382 | 2025-05-15 | Calculated Fields Form < 5.2.64 - Admin+ Stored XSS |
| CVE-2024-13383 | 2025-05-15 | HD Quiz < 2.0.0 - Editor+ Stored XSS |
| CVE-2024-13384 | 2025-05-15 | Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.24 - Admin+ Stored XSS |
| CVE-2024-13482 | 2025-05-15 | Icegram Engage < 3.1.32 - Admin+ Stored XSS |
| CVE-2024-13486 | 2025-05-15 | Icegram Engage < 3.1.32 - Admin+ Stored XSS |
| CVE-2024-13616 | 2025-05-15 | VikBooking < 1.7.2 - Admin+ Stored XSS |
| CVE-2024-13619 | 2025-05-15 | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes < 8.0.1 - Reflected XSS |
| CVE-2024-13621 | 2025-05-15 | The GDPR Framework By Data443 < 2.2.0 - Admin+ Stored XSS |
| CVE-2024-13727 | 2025-05-15 | MemberSpace – Membership Plugin and Paid Subscriptions < 2.1.14 - Reflected XSS |
| CVE-2024-13729 | 2025-05-15 | Podlove Podcast Publisher < 4.1.24 - Admin+ Stored XSS |
| CVE-2024-13730 | 2025-05-15 | Podlove Podcast Publisher < 4.2.1 - Admin+ Stored XSS |
| CVE-2024-13823 | 2025-05-15 | 360 Product Rotation <= 1.5.8 - Reflected XSS |
| CVE-2024-13828 | 2025-05-15 | Badgearoo <= 1.0.14 - Reflected XSS |
| CVE-2024-13865 | 2025-05-15 | drm-protected-video-streaming <= 4.2.1 - Reflected XSS |
| CVE-2024-5026 | 2025-05-15 | CM Tooltip Glossary < 4.3.4 - Admin+ Stored XSS |
| CVE-2024-5440 | 2025-05-15 | If-So Dynamic Content Personalization < 1.8.0.3 - Contributor+ Shortcode Stored XSS |
| CVE-2024-6159 | 2025-05-15 | Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi |
| CVE-2024-6335 | 2025-05-15 | Tracking Code Manager < 2.3.0- Admin+ Stored Cross-Site Scripting |
| CVE-2024-6462 | 2025-05-15 | DL Yandex Metrika <= 1.2 - Admin+ Stored XSS |
| CVE-2024-6478 | 2025-05-15 | CTT Expresso para WooCommerce < 3.2.13 - Admin+ Stored XSS |
| CVE-2024-6486 | 2025-05-15 | ImageMagick Engine < 1.7.11 - Administrator+ OS Command Injection |
| CVE-2024-6584 | 2025-05-15 | Jetpack Boost < 3.4.7 - Admin+ SSRF |
| CVE-2024-6665 | 2025-05-15 | kbucket < 4.1.6 - Admin+ Stored XSS |
| CVE-2024-6667 | 2025-05-15 | kbucket < 4.1.5 - Reflected XSS |
| CVE-2024-6668 | 2025-05-15 | profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting |
| CVE-2024-6690 | 2025-05-15 | WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect |
| CVE-2024-6693 | 2025-05-15 | WP Content Copy Protection & No Right Click (premium) <= 15.0 - Admin+ Stored XSS |
| CVE-2024-6708 | 2025-05-15 | Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting |
| CVE-2024-6712 | 2025-05-15 | MapFig Studio <= 0.2.1 - Stored XSS via CSRF |
| CVE-2024-6713 | 2025-05-15 | PVN Auth Popup <= 1.0.0 - Admin+ Stored XSS |
| CVE-2024-6718 | 2025-05-15 | PVN Auth Popup <= 1.0.0 - Contributor+ XSS via Shortcode |
| CVE-2024-6719 | 2025-05-15 | Offload Videos – Bunny.net, AWS S3 <= 1.0.1 Subscriber+ CSRF |
| CVE-2024-6797 | 2025-05-15 | DL Robots.txt <= 1.2 - Admin+ Stored XSS |
| CVE-2024-6798 | 2025-05-15 | DL Verification <= 1.2 - Admin+ Stored XSS |
| CVE-2024-6809 | 2025-05-15 | Simple Video Directory < 1.4.3 - Unauthenticated SQLi |
| CVE-2024-7556 | 2025-05-15 | Wordpress Simple Share Plugin <=0.5.3 - Admin+ XSS |
| CVE-2024-7758 | 2025-05-15 | Stylish Price List < 7.1.8 - Contributor+ Stored XSS |
| CVE-2024-7759 | 2025-05-15 | PWA For WP & AMP < 1.7.72 Administrator+ Stored XSS |
| CVE-2024-7761 | 2025-05-15 | Simple Job Board < 2.12.2 - Admin+ Stored XSS |
| CVE-2024-7762 | 2025-05-15 | Simple Job Board < 2.12.6 - Unauthenticated Resumes Download |
| CVE-2024-7769 | 2025-05-15 | Wordpress Clicksold IDX Plugin <= 1.90 - Admin+ XSS |
| CVE-2024-7984 | 2025-05-15 | Joy Of Text Lite – SMS messaging for WordPress <= 2.3.1 - Settings Update via CSRF |
| CVE-2024-8031 | 2025-05-15 | Secure Downloads < 1.2.3 - Admin+ Arbitrary File Download |
| CVE-2024-8032 | 2025-05-15 | Smooth Gallery Replacement <= 1.0 - CSRF to Stored XSS |
| CVE-2024-8050 | 2025-05-15 | Custom Author Base <= 1.1.1 - Settings Update via CSRF |
| CVE-2024-8082 | 2025-05-15 | Widgets Reset <= 0.1 - Settings Update via CSRF |
| CVE-2024-8085 | 2025-05-15 | PeoplePond <= 1.1.9 - CSRF to Stored XSS |
| CVE-2024-8090 | 2025-05-15 | JavaScript Logic <= 0.1 - CSRF to Stored XSS |
| CVE-2024-8094 | 2025-05-15 | Ntz Antispam <= 2.0e - Settings Update via CSRF |
| CVE-2024-8095 | 2025-05-15 | BabelZ – Google Translate Widget <= 1.1.5 - CSRF to Stored XSS |
| CVE-2024-8187 | 2025-05-15 | Smart Post Show <= 3.0.0 - Editor+ Stored XSS |
| CVE-2024-8245 | 2025-05-15 | GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF |
| CVE-2024-8284 | 2025-05-15 | Download Manager <= 3.2.98 - Admin+ Stored XSS |
| CVE-2024-8286 | 2025-05-15 | GDPR Cookie Consent <= 2.6.0 - Bulk Delete via CSRF |
| CVE-2024-8397 | 2025-05-15 | GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored XSS |
| CVE-2024-8398 | 2025-05-15 | Simple Nav Archives <= 2.1.3 - Settings Update via CSRF |
| CVE-2024-8426 | 2025-05-15 | Pagelayer < 1.8.8 - Admin+ Stored XSS |
| CVE-2024-8492 | 2025-05-15 | Hustle < 7.8.5 - Admin+ Stored XSS |
| CVE-2024-8493 | 2025-05-15 | The Events Calendar < 6.6.4 - Admin+ Stored XSS |
| CVE-2024-8542 | 2025-05-15 | Everest Forms < 3.0.3.1 - Admin+ Stored XSS |
| CVE-2024-8617 | 2025-05-15 | Quiz Maker <= 6.5.9.8 - Admin+ Stored XSS |
| CVE-2024-8618 | 2025-05-15 | Page Builder: Pagelayer < 1.9.0- Admin+ Stored XSS |
| CVE-2024-8619 | 2025-05-15 | Ajax Search Lite <= 4.12.2 - Admin+ Stored XSS |
| CVE-2024-8620 | 2025-05-15 | MapPress Maps for WordPress < 2.93 - Admin+ Stored XSS via Map Settings |
| CVE-2024-8670 | 2025-05-15 | Photo Gallery by 10Web < 1.8.29 - Admin+ Stored XSS |
| CVE-2024-8673 | 2025-05-15 | Z-Downloads < 1.11.7 - Admin+ Stored XSS via SVG Upload |
| CVE-2024-8699 | 2025-05-15 | Z-Downloads < 1.11.5 - Admin+ Arbitrary File Upload |
| CVE-2024-8700 | 2025-05-15 | Event Calendar <= 1.0.4 - Unauthenticated Arbitrary Calendar Deletion |
| CVE-2024-8701 | 2025-05-15 | Event Calendar <= 1.0.4 - Admin+ Stored XSS |
| CVE-2024-8702 | 2025-05-15 | Backup Database <= 4.9 - Admin+ Stored XSS |
| CVE-2024-8703 | 2025-05-15 | Z-Downloads < 1.11.6 - Unauthenticated Stored XSS |
| CVE-2024-8759 | 2025-05-15 | Nested Pages <= 3.2.8 - Editor+ Stored XSS |
| CVE-2024-8851 | 2025-05-15 | Polls CP <= 1.0.75 - Admin+ Stored Cross-Site Scripting |
| CVE-2024-8854 | 2025-05-15 | Polls CP <= 1.0.75 - Admin+ Stored XSS via Custom Styles |
| CVE-2024-9182 | 2025-05-15 | Maspik - Advanced Spam protection < 2.1.3 - Admin+ Stored XSS |
| CVE-2024-9227 | 2025-05-15 | PowerPress Podcasting < 11.9.18 - Author+ XSS |
| CVE-2024-9233 | 2025-05-15 | GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery |
| CVE-2024-9236 | 2025-05-15 | Team Members Showcase < 4.4.2 - Editor+ Stored XSS |
| CVE-2024-9238 | 2025-05-15 | AVIF & SVG Uploader <= 1.1.0 - Author+ Stored XSS via SVG Uplaod |
| CVE-2024-9390 | 2025-05-15 | RegistrationMagic < 6.0.2.1 - Stored XSS |
| CVE-2024-9450 | 2025-05-15 | Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.15 - Subscriber+ PayPal Settings Update |
| CVE-2024-9599 | 2025-05-15 | Popup Box < 4.7.8 - Admin+ Stored XSS |
| CVE-2024-9645 | 2025-05-15 | Post Grid and Gutenberg Blocks < 2.2.93 - Contributor+ Stored XSS |
| CVE-2024-9662 | 2025-05-15 | CYAN Backup < 2.5.3 - Admin+ Stored XSS via General Settings |
| CVE-2024-9663 | 2025-05-15 | CYAN Backup < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings |
| CVE-2024-9709 | 2025-05-15 | EKC Tournament Manager < 2.2.2 - Create Tournaments/Teams via CSRF |
| CVE-2024-9711 | 2025-05-15 | EKC Tournament Manager < 2.2.2 - Delete Tournaments via CSRF |
| CVE-2024-9765 | 2025-05-15 | EKC Tournament Manager < 2.2.2 - Local File Download Vulnerability |
| CVE-2024-9831 | 2025-05-15 | Taskbuilder < 3.0.9 - Admin+ SQL Injection |
| CVE-2024-9838 | 2025-05-15 | Auto Affiliate Links < 6.4.7 - Admin+ SQL Injection |
| CVE-2024-9879 | 2025-05-15 | Website File Changes < 2.1.1 - Authenticated SQL Injection |
| CVE-2024-9882 | 2025-05-15 | Salon Booking System < 10.9.4 - Admin+ Stored XSS |
| CVE-2025-0329 | 2025-05-15 | AI ChatBot for WordPress – WPBot < 6.2.4 - Admin+ Stored XSS |
| CVE-2025-0687 | 2025-05-15 | Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS |
| CVE-2025-0688 | 2025-05-15 | Spiritual Gifts Survey <= 0.9.10 - Unauthenticated CSRF to XSS |
| CVE-2025-1033 | 2025-05-15 | Badgearoo <= 1.0.14 - Admin+ Stored XSS |
| CVE-2025-1286 | 2025-05-15 | Download HTML TinyMCE Button <= 1.2 - Reflected XSS |
| CVE-2025-1288 | 2025-05-15 | wooexim <= 5.0.0 - CSRF to Reflected XSS |
| CVE-2025-1289 | 2025-05-15 | Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Admin+ Stored XSS |