CVE List - 2025 / May
Showing 2801 - 2900 of 3984 CVEs for May 2025 (Page 29 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-43835 | 2025-05-19 | WordPress wp-cyr-cho plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-43834 | 2025-05-19 | WordPress cookieBAR plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-43833 | 2025-05-19 | WordPress Absolute Links plugin <= 1.1.1 - SQL Injection vulnerability |
| CVE-2025-39460 | 2025-05-19 | WordPress Eduma theme <= 5.6.4 - Broken Access Control vulnerability |
| CVE-2025-39454 | 2025-05-19 | WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability |
| CVE-2025-39450 | 2025-05-19 | WordPress JetTabs plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39448 | 2025-05-19 | WordPress JetElements For Elementor plugin <= 2.7.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47282 | 2025-05-19 | Malicious google credential in DNS secret can lead to privilege escalation |
| CVE-2025-22287 | 2025-05-19 | WordPress LTL Freight Quotes – FreightQuote Edition plugin <= 2.3.11 - Broken Access Control vulnerability |
| CVE-2025-26735 | 2025-05-19 | WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability |
| CVE-2025-26872 | 2025-05-19 | WordPress Eximius theme <= 2.2 - Arbitrary File Upload vulnerability |
| CVE-2025-26892 | 2025-05-19 | WordPress Celestial Aura plugin <= 2.2 - Arbitrary File Upload vulnerability |
| CVE-2025-26997 | 2025-05-19 | WordPress Wireless Butler plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-27010 | 2025-05-19 | WordPress Tastyc < 2.5.2 - Local File Inclusion Vulnerability |
| CVE-2025-47582 | 2025-05-19 | WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability |
| CVE-2025-47581 | 2025-05-19 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability |
| CVE-2025-47577 | 2025-05-19 | WordPress TI WooCommerce Wishlist < 2.10.0 - Arbitrary File Upload Vulnerability |
| CVE-2025-43839 | 2025-05-19 | WordPress BP Messages Tool plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-43838 | 2025-05-19 | WordPress Custom PC Builder Lite for WooCommerce <= 1.0.1 - Settings Change Vulnerability |
| CVE-2025-43837 | 2025-05-19 | WordPress Total Donations <= 3.0.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-43836 | 2025-05-19 | WordPress Syndicate Out <= 0.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-43832 | 2025-05-19 | WordPress Remote Images Grabber plugin <= 0.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47283 | 2025-05-19 | Bypassing project secret validation can lead to privilege escalation |
| CVE-2025-39459 | 2025-05-19 | WordPress Real Estate 7 theme <= 3.5.2 - Privilege Escalation vulnerability |
| CVE-2025-39458 | 2025-05-19 | WordPress Foton theme <= 2.5.2 - Local File Inclusion vulnerability |
| CVE-2025-39451 | 2025-05-19 | WordPress JetBlocks For Elementor <= 1.3.16 - Broken Access Control Vulnerability |
| CVE-2025-39449 | 2025-05-19 | WordPress JetWooBuilder <= 2.1.18 - Broken Access Control Vulnerability |
| CVE-2025-39447 | 2025-05-19 | WordPress JetElements For Elementor <= 2.7.4.1 - Broken Access Control Vulnerability |
| CVE-2025-47284 | 2025-05-19 | Gardener vulnerable to metadata injection for a project secret that can lead to privilege escalation |
| CVE-2025-39446 | 2025-05-19 | WordPress Booster Plus for WooCommerce plugin <= 7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39445 | 2025-05-19 | WordPress Super Store Finder <= 7.2 - SQL Injection Vulnerability |
| CVE-2025-47934 | 2025-05-19 | OpenPGP.js's message signature verification can be spoofed |
| CVE-2025-39411 | 2025-05-19 | WordPress WhatsApp Click to Chat Plugin for WordPress plugin <= 2.2.12 - Local File Inclusion vulnerability |
| CVE-2025-39410 | 2025-05-19 | WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability |
| CVE-2025-39409 | 2025-05-19 | WordPress WordPress Video Robot - The Ultimate Video Importer plugin <= 1.20.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39407 | 2025-05-19 | WordPress Memberpress plugin < 1.12.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39406 | 2025-05-19 | WordPress WPAMS plugin <= 44.0 - Local File Inclusion to Privilege Escalation vulnerability |
| CVE-2025-39405 | 2025-05-19 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Privilege Escalation vulnerability |
| CVE-2025-39403 | 2025-05-19 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability |
| CVE-2025-47935 | 2025-05-19 | Multer vulnerable to Denial of Service via memory leaks from unclosed streams |
| CVE-2025-47944 | 2025-05-19 | Multer vulnerable to Denial of Service from maliciously crafted requests |
| CVE-2025-39402 | 2025-05-19 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability |
| CVE-2025-47946 | 2025-05-19 | symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes |
| CVE-2025-39401 | 2025-05-19 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability |
| CVE-2025-39395 | 2025-05-19 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability |
| CVE-2025-39393 | 2025-05-19 | WordPress Hospital Management System plugin <= 47.0 (20-11-2023) - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47949 | 2025-05-19 | samlify SAML Signature Wrapping attack |
| CVE-2025-39392 | 2025-05-19 | WordPress WPAMS plugin <= 44.0 (17-08-2023) - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39389 | 2025-05-19 | WordPress AnalyticsWP <= 2.1.2 - SQL Injection Vulnerability |
| CVE-2025-39386 | 2025-05-19 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability |
| CVE-2025-39380 | 2025-05-19 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability |
| CVE-2025-39372 | 2025-05-19 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39366 | 2025-05-19 | WordPress wProject theme < 5.8.0 - Subscriber+ Privilege Escalation vulnerability |
| CVE-2025-39365 | 2025-05-19 | WordPress wProject theme < 5.8.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46441 | 2025-05-19 | WordPress Section Widget plugin <= 3.3.1 - Path Traversal vulnerability |
| CVE-2025-39357 | 2025-05-19 | WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability |
| CVE-2025-39356 | 2025-05-19 | WordPress Foodbakery Sticky Cart plugin <= 3.2 - PHP Object Injection vulnerability |
| CVE-2025-39355 | 2025-05-19 | WordPress FAT Services Booking plugin <= 5.6 - SQL Injection vulnerability |
| CVE-2025-39354 | 2025-05-19 | WordPress Grand Conference theme <= 5.2 - PHP Object Injection vulnerability |
| CVE-2025-39352 | 2025-05-19 | WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability |
| CVE-2025-39350 | 2025-05-19 | WordPress wProject theme < 5.8.0 - Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability |
| CVE-2025-39349 | 2025-05-19 | WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability |
| CVE-2025-39348 | 2025-05-19 | WordPress Grand Restaurant WordPress theme <= 7.0 - PHP Object Injection vulnerability |
| CVE-2025-32928 | 2025-05-19 | WordPress Altair theme <= 5.2.2 - PHP Object Injection vulnerability |
| CVE-2025-32927 | 2025-05-19 | WordPress FoodBakery plugin <= 3.3 - PHP Object Injection vulnerability |
| CVE-2025-32926 | 2025-05-19 | WordPress Grand Restaurant WordPress theme <= 7.0 - Path Traversal to PHP Object Injection vulnerability |
| CVE-2025-32925 | 2025-05-19 | WordPress SUMO Reward Points plugin <= 30.7.0 - Local File Inclusion vulnerability |
| CVE-2025-32924 | 2025-05-19 | WordPress Revy plugin <= 2.1 - SQL Injection vulnerability |
| CVE-2025-31027 | 2025-05-19 | WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48340 | 2025-05-19 | WordPress User Profile Meta Manager plugin <= 1.02 - CSRF to Privilege Escalation vulnerability |
| CVE-2025-3223 | 2025-05-19 | WorkstationST EGD Configuration Server Path Traversal Vulnerability |
| CVE-2025-1308 | 2025-05-19 | PX Backup Improper Sanitization Vulnerability |
| CVE-2025-4971 | 2025-05-19 | Broadcom Automic Automation Agent Unix privilege escalation |
| CVE-2025-3078 | 2025-05-19 | A passback vulnerability which relates to production printers and office... |
| CVE-2025-3079 | 2025-05-19 | A passback vulnerability which relates to office/small office multifunction printers... |
| CVE-2024-53359 | 2025-05-20 | An issue in Zalo v23.09.01 allows attackers to obtain sensitive... |
| CVE-2025-26086 | 2025-05-20 | An unauthenticated blind SQL injection vulnerability exists in RSI Queue... |
| CVE-2025-44084 | 2025-05-20 | D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker... |
| CVE-2025-44880 | 2025-05-20 | A command injection vulnerability in the component /cgi-bin/adm.cgi of Wavlink... |
| CVE-2025-44881 | 2025-05-20 | A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink... |
| CVE-2025-44882 | 2025-05-20 | A command injection vulnerability in the component /cgi-bin/firewall.cgi of Wavlink... |
| CVE-2025-44883 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44884 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44885 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44886 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44887 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44888 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44890 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44891 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44893 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44894 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44896 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44897 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-44898 | 2025-05-20 | FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via... |
| CVE-2025-45862 | 2025-05-20 | TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow... |
| CVE-2025-4322 | 2025-05-20 | Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover |
| CVE-2025-2929 | 2025-05-20 | Order Delivery Date Pro for WooCommerce < 12.4.0 - Reflected XSS |
| CVE-2024-5878 | 2025-05-20 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library |
| CVE-2025-4951 | 2025-05-20 | Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable... |
| CVE-2025-40634 | 2025-05-20 | Stack-based buffer overflow in TP-Link Archer AX50 |