CVE List - 2025 / May
Showing 3401 - 3500 of 3984 CVEs for May 2025 (Page 35 of 40)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-46515 | 2025-05-23 | WordPress Category Widget plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46493 | 2025-05-23 | WordPress Crossword Compiler Puzzles <= 5.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46490 | 2025-05-23 | WordPress Crossword Compiler Puzzles <= 5.2 - Arbitrary File Upload Vulnerability |
| CVE-2025-46488 | 2025-05-23 | WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-46487 | 2025-05-23 | WordPress EC Authorize.net plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46486 | 2025-05-23 | WordPress Nomupay Payment Processing Gateway <= 7.1.7 - Arbitrary File Download Vulnerability |
| CVE-2025-46474 | 2025-05-23 | WordPress SEUR Oficial <= 2.2.23 - Local File Inclusion Vulnerability |
| CVE-2025-46468 | 2025-05-23 | WordPress Fable Extra <= 1.0.6 - Local File Inclusion Vulnerability |
| CVE-2025-46463 | 2025-05-23 | WordPress Mailing Group Listserv <= 3.0.4 - SQL Injection Vulnerability |
| CVE-2025-46460 | 2025-05-23 | WordPress Easy Guide <= 1.0.0 - SQL Injection Vulnerability |
| CVE-2025-46458 | 2025-05-23 | WordPress occupancyplan plugin <= 1.0.3.0 - CSRF to SQL Injection vulnerability |
| CVE-2025-46456 | 2025-05-23 | WordPress Theme Blvd Sliders plugin <= 1.2.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46455 | 2025-05-23 | WordPress WP HRM LITE <= 1.1 - SQL Injection Vulnerability |
| CVE-2025-46454 | 2025-05-23 | WordPress Meta Keywords & Description <= 0.8 - Local File Inclusion Vulnerability |
| CVE-2025-46448 | 2025-05-23 | WordPress Document Management System <= 1.24 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46446 | 2025-05-23 | WordPress Libro de Reclamaciones <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-46444 | 2025-05-23 | WordPress Ads Pro plugin <= 4.88 - Local File Inclusion vulnerability |
| CVE-2025-46440 | 2025-05-23 | WordPress kStats Reloaded plugin <= 0.7.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46437 | 2025-05-23 | WordPress Tayori Form plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39536 | 2025-05-23 | WordPress JobHunt Job Alerts <= 3.6 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-39506 | 2025-05-23 | WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability |
| CVE-2025-39505 | 2025-05-23 | WordPress Goodlayers Hotel plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39504 | 2025-05-23 | WordPress Goodlayers Hotel plugin <= 3.1.4 - SQL Injection vulnerability |
| CVE-2025-39503 | 2025-05-23 | WordPress Goodlayers Hotel plugin <= 3.1.4 - PHP Object Injection vulnerability |
| CVE-2025-39502 | 2025-05-23 | WordPress Goodlayers Hostel Plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39501 | 2025-05-23 | WordPress Goodlayers Hostel Plugin <= 3.1.2 - SQL Injection vulnerability |
| CVE-2025-39500 | 2025-05-23 | WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability |
| CVE-2025-39499 | 2025-05-23 | WordPress Medicare Theme <= 2.1.0 - PHP Object Injection vulnerability |
| CVE-2025-39495 | 2025-05-23 | WordPress Avantage Theme <= 2.4.6 - PHP Object Injection vulnerability |
| CVE-2025-39494 | 2025-05-23 | WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability |
| CVE-2025-39490 | 2025-05-23 | WordPress Backpack Traveler <= 2.7 - Local File Inclusion Vulnerability |
| CVE-2025-39489 | 2025-05-23 | WordPress CouponXL <= 4.5.0 - Privilege Escalation Vulnerability |
| CVE-2025-39485 | 2025-05-23 | WordPress GrandTour Theme <= 5.5.1 - PHP Object Injection vulnerability |
| CVE-2025-39480 | 2025-05-23 | WordPress Car Dealer <= 1.6.6 - PHP Object Injection Vulnerability |
| CVE-2025-32309 | 2025-05-23 | WordPress Healsoul <= 2.0.2 - Local File Inclusion Vulnerability |
| CVE-2025-32302 | 2025-05-23 | WordPress Winnex <= 1.3.2 - Local File Inclusion Vulnerability |
| CVE-2025-32294 | 2025-05-23 | WordPress Oxpitan <= 1.3.1 - Local File Inclusion Vulnerability |
| CVE-2025-32293 | 2025-05-23 | WordPress Finance Consultant <= 2.8 - PHP Object Injection Vulnerability |
| CVE-2025-32292 | 2025-05-23 | WordPress Jarvis – Night Club, Concert, Festival WordPress <= 1.8.11 - PHP Object Injection Vulnerability |
| CVE-2025-32289 | 2025-05-23 | WordPress Yozi <= 2.0.52 - Local File Inclusion Vulnerability |
| CVE-2025-32286 | 2025-05-23 | WordPress Butcher <= 2.40 - Local File Inclusion Vulnerability |
| CVE-2025-32285 | 2025-05-23 | WordPress Butcher theme <= 2.40 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32284 | 2025-05-23 | WordPress Pet World <= 2.8 - PHP Object Injection Vulnerability |
| CVE-2025-31927 | 2025-05-23 | WordPress Acerola <= 1.6.5 - PHP Object Injection Vulnerability |
| CVE-2025-31924 | 2025-05-23 | WordPress Crafts & Arts <= 2.5 - PHP Object Injection Vulnerability |
| CVE-2025-31918 | 2025-05-23 | WordPress Simple Business Directory Pro <= 15.4.8 - Privilege Escalation Vulnerability |
| CVE-2025-31916 | 2025-05-23 | WordPress JP Students Result Management System Premium plugin 1.1.7 - Arbitrary File Upload vulnerability |
| CVE-2025-31914 | 2025-05-23 | WordPress Pixel WordPress Form BuilderPlugin & Autoresponder <= 1.0.2 - SQL Injection Vulnerability |
| CVE-2025-31913 | 2025-05-23 | WordPress Ogami <= 1.53 - Local File Inclusion Vulnerability |
| CVE-2025-31912 | 2025-05-23 | WordPress Enzio - Responsive Business WordPress Theme <= 1.1.8 - Local File Inclusion Vulnerability |
| CVE-2025-31636 | 2025-05-23 | WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31633 | 2025-05-23 | WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulnerability |
| CVE-2025-31632 | 2025-05-23 | WordPress La Boom <= 2.7 - Local File Inclusion Vulnerability |
| CVE-2025-31631 | 2025-05-23 | WordPress Fish House <= 1.2.7 - PHP Object Injection Vulnerability |
| CVE-2025-31430 | 2025-05-23 | WordPress The Business <= 1.6.1 - PHP Object Injection Vulnerability |
| CVE-2025-31423 | 2025-05-23 | WordPress Umberto <= 1.2.8 - PHP Object Injection Vulnerability |
| CVE-2025-31397 | 2025-05-23 | WordPress Bus Ticket Booking with Seat Reservation for WooCommerce plugin <= 1.7 - SQL Injection vulnerability |
| CVE-2025-31069 | 2025-05-23 | WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability |
| CVE-2025-31064 | 2025-05-23 | WordPress Vizeon - Business Consulting <= 1.1.7 - Local File Inclusion Vulnerability |
| CVE-2025-31060 | 2025-05-23 | WordPress Capie <= 1.0.40 - Local File Inclusion Vulnerability |
| CVE-2025-31056 | 2025-05-23 | WordPress WhatsCart plugin <= 1.1.0 - SQL Injection vulnerability |
| CVE-2025-31053 | 2025-05-23 | WordPress KBx Pro Ultimate <= 7.9.8 - Arbitrary File Deletion Vulnerability |
| CVE-2025-31049 | 2025-05-23 | WordPress Dash <= 1.3 - PHP Object Injection Vulnerability |
| CVE-2025-5109 | 2025-05-23 | FreeFloat FTP Server STATUS Command buffer overflow |
| CVE-2025-5110 | 2025-05-23 | FreeFloat FTP Server VERBOSE Command buffer overflow |
| CVE-2025-3580 | 2025-05-23 | An access control vulnerability was discovered in Grafana OSS where... |
| CVE-2025-5111 | 2025-05-23 | FreeFloat FTP Server TYPE Command buffer overflow |
| CVE-2025-5112 | 2025-05-23 | FreeFloat FTP Server MGET Command buffer overflow |
| CVE-2025-5114 | 2025-05-23 | easysoft zentaopms Editor index.php edit deserialization |
| CVE-2018-25110 | 2025-05-23 | Regular Expression Denial of Service (ReDoS) in markedjs/marked |
| CVE-2022-31807 | 2025-05-23 | A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2)... |
| CVE-2022-31812 | 2025-05-23 | A vulnerability has been identified in SiPass integrated (All versions... |
| CVE-2025-32794 | 2025-05-23 | OpenEMR Stored XSS via Patient Name Field in Procedure Orders |
| CVE-2025-32967 | 2025-05-23 | OpenEMR doesn't log password administration properly |
| CVE-2025-43860 | 2025-05-23 | OpemRMS Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics |
| CVE-2025-48376 | 2025-05-23 | Dnn.Platform's Site Import could use an external source with a crafted request |
| CVE-2025-48378 | 2025-05-23 | Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline |
| CVE-2025-48377 | 2025-05-23 | Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode |
| CVE-2025-48375 | 2025-05-23 | Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS |
| CVE-2025-24916 | 2025-05-23 | Improper Access Control leads to Local Priviledge Escalation |
| CVE-2025-24917 | 2025-05-23 | Improper Access Control leads to Local Privilege Escalation |
| CVE-2025-5119 | 2025-05-23 | Emlog Pro api_controller.php sql injection |
| CVE-2025-48751 | 2025-05-24 | The process_lock crate 0.1.0 for Rust allows data races in... |
| CVE-2025-48752 | 2025-05-24 | In the process-sync crate 0.2.2 for Rust, the drop function... |
| CVE-2025-48753 | 2025-05-24 | In the anode crate 0.1.0 for Rust, data races can... |
| CVE-2025-48754 | 2025-05-24 | In the memory_pages crate 0.1.0 for Rust, division by zero... |
| CVE-2025-48755 | 2025-05-24 | In the spiral-rs crate 0.2.0 for Rust, allocation can be... |
| CVE-2025-48756 | 2025-05-24 | In group_number in the scsir crate 0.2.0 for Rust, there... |
| CVE-2024-13427 | 2025-05-24 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link |
| CVE-2025-3869 | 2025-05-24 | 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-5055 | 2025-05-24 | Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-4602 | 2025-05-24 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read |
| CVE-2025-4603 | 2025-05-24 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-4336 | 2025-05-24 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file() |
| CVE-2025-5058 | 2025-05-24 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image() |
| CVE-2025-4223 | 2025-05-24 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter |
| CVE-2025-5124 | 2025-05-24 | Sony SNC-M1 Administrative Interface default credentials |
| CVE-2025-5126 | 2025-05-24 | FLIR AX8 settingsregional.php setDataTime command injection |
| CVE-2025-5127 | 2025-05-24 | FLIR AX8 prod.php cross site scripting |
| CVE-2025-5128 | 2025-05-24 | ScriptAndTools Real-Estate-website-in-PHP Admin Login Panel admin sql injection |