CVE List - 2025 / May
Showing 2701 - 2800 of 3982 CVEs for May 2025 (Page 28 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-48236 | 2025-05-19 | WordPress bunny.net <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48237 | 2025-05-19 | WordPress Wishlist for WooCommerce <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48238 | 2025-05-19 | WordPress AWcode Toolkit plugin <= 1.0.18 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability |
| CVE-2025-48239 | 2025-05-19 | WordPress Product Notes Tab & Private Admin Notes for WooCommerce <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48240 | 2025-05-19 | WordPress Cost of Goods for WooCommerce <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48242 | 2025-05-19 | WordPress Legal Pages <= 1.4.5 - Broken Access Control Vulnerability |
| CVE-2025-48243 | 2025-05-19 | WordPress reCAPTCHA for all <= 2.26 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48244 | 2025-05-19 | WordPress Exclusive Addons Elementor <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48246 | 2025-05-19 | WordPress The Events Calendar <= 6.11.2.1 - Broken Access Control Vulnerability |
| CVE-2025-48247 | 2025-05-19 | WordPress Shortlinks by Pretty Links <= 3.6.15 - Broken Access Control Vulnerability |
| CVE-2025-48248 | 2025-05-19 | WordPress Sitewide Discount for WooCommerce: Apply Discount to All Products <= 2.2.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48249 | 2025-05-19 | WordPress EAN for WooCommerce <= 5.4.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48250 | 2025-05-19 | WordPress Coupons & Add to Cart by URL Links for WooCommerce <= 1.7.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48251 | 2025-05-19 | WordPress Additional Custom Emails & Recipients for WooCommerce <= 3.5.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48252 | 2025-05-19 | WordPress Back Button Widget <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48253 | 2025-05-19 | WordPress Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48254 | 2025-05-19 | WordPress Change Add to Cart Button Text for WooCommerce <= 2.2.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48255 | 2025-05-19 | WordPress Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP <= 6.2.4 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48256 | 2025-05-19 | WordPress Import Social Events <= 1.8.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48257 | 2025-05-19 | WordPress Projectopia <= 5.1.17 - Broken Access Control Vulnerability |
| CVE-2025-48258 | 2025-05-19 | WordPress Mega Menu Block <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48259 | 2025-05-19 | WordPress WP Mapa Politico España plugin <= 3.8.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48260 | 2025-05-19 | WordPress GDPR CCPA Compliance Support <= 2.7.3 - Broken Access Control Vulnerability |
| CVE-2025-48262 | 2025-05-19 | WordPress Url Rewrite Analyzer <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-48263 | 2025-05-19 | WordPress MultiVendorX <= 4.2.22 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48264 | 2025-05-19 | WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability |
| CVE-2025-48265 | 2025-05-19 | WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48266 | 2025-05-19 | WordPress Active Products Tables for WooCommerce <= 1.0.6.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48268 | 2025-05-19 | WordPress Bot for Telegram on WooCommerce <= 1.2.6 - Broken Access Control Vulnerability |
| CVE-2025-48269 | 2025-05-19 | WordPress WPAdverts <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48270 | 2025-05-19 | WordPress SKT Blocks <= 2.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48272 | 2025-05-19 | WordPress WP Job Portal <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability |
| CVE-2025-48276 | 2025-05-19 | WordPress Visual Composer Website Builder <= 45.11.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48277 | 2025-05-19 | WordPress Cost Calculator Builder <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48278 | 2025-05-19 | WordPress RSVPMarker <= 11.5.6 - SQL Injection Vulnerability |
| CVE-2025-48280 | 2025-05-19 | WordPress AutomatorWP <= 5.2.1.3 - SQL Injection Vulnerability |
| CVE-2025-48282 | 2025-05-19 | WordPress Majestic Support <= 1.1.0 - Broken Access Control Vulnerability |
| CVE-2025-48284 | 2025-05-19 | WordPress Japanized For WooCommerce <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48285 | 2025-05-19 | WordPress Falang multilanguage <= 1.3.61 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48288 | 2025-05-19 | WordPress ElementInvader Addons for Elementor <= 1.3.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48341 | 2025-05-19 | WordPress Form Maker by 10Web <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48342 | 2025-05-19 | WordPress Dynamic Pricing & Discounts Lite for WooCommerce <= 2.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48344 | 2025-05-19 | WordPress Rootspersona <= 3.7.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48346 | 2025-05-19 | WordPress Embed and Integrate Etsy Shop <= 1.0.4 - Broken Access Control Vulnerability |
| CVE-2025-3908 | 2025-05-19 | The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership... |
| CVE-2025-4937 | 2025-05-19 | SourceCodester Apartment Visitor Management System profile.php sql injection |
| CVE-2025-4938 | 2025-05-19 | PHPGurukul Employee Record Management System registererms.php sql injection |
| CVE-2024-33939 | 2025-05-19 | WordPress LMS by Masteriyo plugin <= 1.7.3 - Broken Authentication vulnerability |
| CVE-2025-4948 | 2025-05-19 | Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup |
| CVE-2025-22678 | 2025-05-19 | WordPress my white theme <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22687 | 2025-05-19 | WordPress tuaug4 theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22789 | 2025-05-19 | WordPress polka dots theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22790 | 2025-05-19 | WordPress moseter theme <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-4939 | 2025-05-19 | PHPGurukul Credit Card Application Management System new-ccapplication.php cross site scripting |
| CVE-2025-31262 | 2025-05-19 | A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may... |
| CVE-2025-31185 | 2025-05-19 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication. |
| CVE-2025-24183 | 2025-05-19 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local user may be able to modify protected... |
| CVE-2025-24189 | 2025-05-19 | The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously... |
| CVE-2025-24184 | 2025-05-19 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An... |
| CVE-2025-22791 | 2025-05-19 | WordPress offset writing theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-22792 | 2025-05-19 | WordPress Js O3 Lite theme <= 1.5.8.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23979 | 2025-05-19 | WordPress Flashy theme <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23981 | 2025-05-19 | WordPress CarZine theme <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-26621 | 2025-05-19 | OpenCTI vulnerable to Denial of Service through web hook |
| CVE-2025-23983 | 2025-05-19 | WordPress Tijaji theme <= 1.43 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23986 | 2025-05-19 | WordPress Tiki Time theme <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23988 | 2025-05-19 | WordPress ghostwriter theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-4876 | 2025-05-19 | Hardcoded Key Revealed in ConnectWise Password Encryption Utility |
| CVE-2025-32920 | 2025-05-19 | WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47583 | 2025-05-19 | WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability |
| CVE-2025-47576 | 2025-05-19 | WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerability |
| CVE-2025-39364 | 2025-05-19 | WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerability |
| CVE-2025-39351 | 2025-05-19 | WordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39353 | 2025-05-19 | WordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerability |
| CVE-2025-4940 | 2025-05-19 | 1000 Projects Daily College Class Work Report Book admin_info.php sql injection |
| CVE-2025-39368 | 2025-05-19 | WordPress Rootspersona plugin <= 3.7.5 - Broken Access Control vulnerability |
| CVE-2025-39369 | 2025-05-19 | WordPress Posts for Page plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39370 | 2025-05-19 | WordPress iCafe Library plugin <= 1.8.3 - SQL Injection vulnerability |
| CVE-2025-39371 | 2025-05-19 | WordPress Author Box Plugin With Different Description plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39373 | 2025-05-19 | WordPress JNews theme <= 11.6.5 - Broken Access Control vulnerability |
| CVE-2025-39374 | 2025-05-19 | WordPress Best Posts Summary plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-39375 | 2025-05-19 | WordPress Easy Child Theme Creator plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-39376 | 2025-05-19 | WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2025-39388 | 2025-05-19 | WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-26867 | 2025-05-19 | WordPress Bulk theme <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-26920 | 2025-05-19 | WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability |
| CVE-2025-39394 | 2025-05-19 | WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability |
| CVE-2025-4941 | 2025-05-19 | PHPGurukul Credit Card Application Management System index.php sql injection |
| CVE-2025-4945 | 2025-05-19 | Libsoup: integer overflow in cookie expiration date handling in libsoup |
| CVE-2025-46543 | 2025-05-19 | WordPress Enhanced Paypal Shortcodes plugin <= 0.5a - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46263 | 2025-05-19 | WordPress Author Box After Posts plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46262 | 2025-05-19 | WordPress Mad Mimi for WordPress plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-43840 | 2025-05-19 | WordPress CheckBot plugin <= 1.05 - CSRF to Stored XSS vulnerability |
| CVE-2025-43841 | 2025-05-19 | WordPress WP Vegas plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39396 | 2025-05-19 | WordPress JetReviews plugin <= 2.3.6 - Local File Inclusion vulnerability |
| CVE-2025-39398 | 2025-05-19 | WordPress Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue theme <= 4.2.2 - Broken Access Control vulnerability |
| CVE-2025-39412 | 2025-05-19 | WordPress Master Slider plugin <= 3.10.8 - Broken Access Control vulnerability |
| CVE-2025-43835 | 2025-05-19 | WordPress wp-cyr-cho plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-43834 | 2025-05-19 | WordPress cookieBAR plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-43833 | 2025-05-19 | WordPress Absolute Links plugin <= 1.1.1 - SQL Injection vulnerability |