CVE List - 2025 / July
Showing 2001 - 2100 of 3776 CVEs for July 2025 (Page 21 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-54024 | 2025-07-16 | WordPress WPAdverts plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54026 | 2025-07-16 | WordPress GymBase Theme Classes plugin <= 1.4 - SQL Injection Vulnerability |
| CVE-2025-54030 | 2025-07-16 | WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54033 | 2025-07-16 | WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54035 | 2025-07-16 | WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54036 | 2025-07-16 | WordPress Webba Booking plugin <= 5.1.20 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54037 | 2025-07-16 | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability |
| CVE-2025-54038 | 2025-07-16 | WordPress Restaurant Menu by MotoPress plugin <= 2.4.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54039 | 2025-07-16 | WordPress Animator plugin <= 3.0.16 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54041 | 2025-07-16 | WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54042 | 2025-07-16 | WordPress WP Post Hide plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54043 | 2025-07-16 | WordPress SMTP for Amazon SES plugin <= 1.9 - SQL Injection Vulnerability |
| CVE-2025-54047 | 2025-07-16 | WordPress Cost Calculator plugin <= 7.4 - Broken Access Control Vulnerability |
| CVE-2025-54050 | 2025-07-16 | WordPress Responsive Addons for Elementor plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54051 | 2025-07-16 | WordPress LightBox Block plugin <= 1.1.30 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48301 | 2025-07-16 | WordPress SMTP for SendGrid – YaySMTP plugin <= 1.5 - SQL Injection Vulnerability |
| CVE-2025-48299 | 2025-07-16 | WordPress YayExtra plugin <= 1.5.5 - SQL Injection Vulnerability |
| CVE-2025-48295 | 2025-07-16 | WordPress Easy Elementor Addons plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48294 | 2025-07-16 | WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-48167 | 2025-07-16 | WordPress Chatbox Manager plugin <= 1.2.5 - Broken Access Control Vulnerability |
| CVE-2025-48166 | 2025-07-16 | WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability |
| CVE-2025-48161 | 2025-07-16 | WordPress YaySMTP plugin <= 1.3 - SQL Injection Vulnerability |
| CVE-2025-48156 | 2025-07-16 | WordPress Image Wall plugin <= 3.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48155 | 2025-07-16 | WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability |
| CVE-2025-48153 | 2025-07-16 | WordPress Import CDN-Remote Images plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-48150 | 2025-07-16 | WordPress Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin plugin <= 4.48 - Broken Access Control Vulnerability |
| CVE-2024-9343 | 2025-07-16 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console. |
| CVE-2024-10029 | 2025-07-16 | In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site scripting attacks in the Administration Console. |
| CVE-2024-10031 | 2025-07-16 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system. |
| CVE-2024-10032 | 2025-07-16 | In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console. |
| CVE-2025-53754 | 2025-07-16 | Hard-coded Credentials Vulnerability in Digisol DG-GR6821AC Router |
| CVE-2024-9408 | 2025-07-16 | In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints. |
| CVE-2025-53755 | 2025-07-16 | Cleartext Storage Vulnerability in Digisol DG-GR6821AC Router |
| CVE-2025-53756 | 2025-07-16 | Cleartext Transmission Vulnerability in Digisol DG-GR6821AC Router |
| CVE-2025-53757 | 2025-07-16 | Insecure Cookie Flags Vulnerability in Digisol DG-GR6821AC Router |
| CVE-2025-52836 | 2025-07-16 | WordPress The E-Commerce ERP <= 2.1.1.3 - Privilege Escalation Vulnerability |
| CVE-2025-52819 | 2025-07-16 | WordPress Pakke Envíos plugin <= 1.0.2 - SQL Injection Vulnerability |
| CVE-2025-52804 | 2025-07-16 | WordPress Nuss theme <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-52803 | 2025-07-16 | WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-52787 | 2025-07-16 | WordPress Tennis Court Bookings plugin <= 1.2.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52786 | 2025-07-16 | WordPress Media Folder plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52779 | 2025-07-16 | WordPress Dot html,php,xml etc pages plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52777 | 2025-07-16 | WordPress Pay with Contact Form 7 plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52714 | 2025-07-16 | WordPress Traveler < 3.2.2 - SQL Injection Vulnerability |
| CVE-2025-50028 | 2025-07-16 | WordPress Ultimate Push Notifications plugin <= 1.1.9 - Broken Access Control Vulnerability |
| CVE-2025-49888 | 2025-07-16 | WordPress PW WooCommerce On Sale! plugin <= 1.39 - Broken Access Control Vulnerability |
| CVE-2025-49884 | 2025-07-16 | WordPress Internal Linking of Related Contents plugin <= 1.1.8 - Broken Access Control Vulnerability |
| CVE-2025-49876 | 2025-07-16 | WordPress ProfileGrid <= 5.9.5.2 - SQL Injection Vulnerability |
| CVE-2025-49319 | 2025-07-16 | WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability |
| CVE-2025-49034 | 2025-07-16 | WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability |
| CVE-2025-49031 | 2025-07-16 | WordPress SMu Manual DoFollow plugin <= 1.8.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48345 | 2025-07-16 | WordPress Contact Form 7 Editor Button plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48339 | 2025-07-16 | WordPress Profiler - What Slowing Down Your WP <= 1.0.0 - Broken Access Control Vulnerability |
| CVE-2025-48300 | 2025-07-16 | WordPress Groundhogg <= 4.2.1 - Arbitrary File Upload Vulnerability |
| CVE-2025-48291 | 2025-07-16 | WordPress Contest Gallery <= 26.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-47652 | 2025-07-16 | WordPress Infility Global plugin <= 2.13.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47645 | 2025-07-16 | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability |
| CVE-2025-47554 | 2025-07-16 | WordPress CSS3 Compare Pricing Tables for WordPress plugin <= 11.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-46500 | 2025-07-16 | WordPress Wordpress Auto Spinner plugin <= 3.25.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32574 | 2025-07-16 | WordPress WPGYM plugin <= 65.0 - SQL Injection vulnerability |
| CVE-2025-31427 | 2025-07-16 | WordPress Invico - WordPress Consulting Business Theme <= 1.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31422 | 2025-07-16 | WordPress Visual Art \| Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability |
| CVE-2025-31072 | 2025-07-16 | WordPress Ofiz - Business Consulting Theme plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-31070 | 2025-07-16 | WordPress HTML5 Radio Player - WPBakery Page Builder Addon plugin <= 2.5 - Arbitrary File Download vulnerability |
| CVE-2025-31055 | 2025-07-16 | WordPress Electrician - Electrical Service WordPress theme <= 1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30973 | 2025-07-16 | WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability |
| CVE-2025-30959 | 2025-07-16 | WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability |
| CVE-2025-30955 | 2025-07-16 | WordPress ListingEasy theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-30949 | 2025-07-16 | WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability |
| CVE-2025-30936 | 2025-07-16 | WordPress Torod plugin <= 1.9 - SQL Injection Vulnerability |
| CVE-2025-29009 | 2025-07-16 | WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability |
| CVE-2025-29000 | 2025-07-16 | WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability |
| CVE-2025-28982 | 2025-07-16 | WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability |
| CVE-2025-28965 | 2025-07-16 | WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability |
| CVE-2025-28961 | 2025-07-16 | WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability |
| CVE-2025-28959 | 2025-07-16 | WordPress URL Shortener <= 3.0.7 - SQL Injection Vulnerability |
| CVE-2025-28955 | 2025-07-16 | WordPress Easy Video Player Wordpress & WooCommerce plugin <= 10.0 - Arbitrary File Download Vulnerability |
| CVE-2025-24779 | 2025-07-16 | WordPress Yogi theme <= 2.9.0 - PHP Object Injection Vulnerability |
| CVE-2025-24777 | 2025-07-16 | WordPress Hillter theme <= 3.0.7 - PHP Object Injection Vulnerability |
| CVE-2025-24759 | 2025-07-16 | WordPress WP-BusinessDirectory <= 3.1.3 - SQL Injection Vulnerability |
| CVE-2025-53758 | 2025-07-16 | Default Credential Vulnerability in Digisol DG-GR6821AC Router |
| CVE-2025-34300 | 2025-07-16 | Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE |
| CVE-2025-40923 | 2025-07-16 | Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely |
| CVE-2025-53840 | 2025-07-16 | Icinga DB Web Exposure of Sensitive Information to an Unauthorized Actor vulnerability |
| CVE-2025-40776 | 2025-07-16 | Birthday Attack against Resolvers supporting ECS |
| CVE-2025-53892 | 2025-07-16 | Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror |
| CVE-2025-53923 | 2025-07-16 | Emlog vulnerable to reflected Cross-site Scripting in admin panel |
| CVE-2025-53924 | 2025-07-16 | Emlog vulnerable to stored Cross-site Scripting in links functionality |
| CVE-2025-40918 | 2025-07-16 | Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely |
| CVE-2025-3871 | 2025-07-16 | Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier |
| CVE-2025-40919 | 2025-07-16 | Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely |
| CVE-2025-40913 | 2025-07-16 | Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow |
| CVE-2025-37104 | 2025-07-16 | HPE Telco Service Orchestrator Software, Authenticated SQL Injection |
| CVE-2025-53925 | 2025-07-16 | Emlog has Stored Cross-site Scripting vulnerability in file upload functionality |
| CVE-2025-5994 | 2025-07-16 | Cache poisoning via the ECS-enabled Rebirthday Attack |
| CVE-2025-53926 | 2025-07-16 | Emlog has Stored Cross-site Scripting vulnerability due to error |
| CVE-2025-53929 | 2025-07-16 | WeGIA vulnerable to Stored Cross-Site Scripting (XSS) via endpoint `adicionar_cor.php` parameter `cor` |
| CVE-2025-53930 | 2025-07-16 | WeGIA vulnerable to Stored Cross-Site Scripting (XSS) via endpoint `adicionar_especie.php` parameter `especie` |
| CVE-2025-53931 | 2025-07-16 | WeGIA vulnerable to Stored Cross-Site Scripting via endpoint `adicionar_raca.php` parameter `raca` |
| CVE-2025-46959 | 2025-07-16 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |