CVE List - 2025 / August
Showing 1701 - 1800 of 3631 CVEs for August 2025 (Page 18 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-54740 | 2025-08-14 | WordPress Print My Blog Plugin <= 3.27.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54739 | 2025-08-14 | WordPress Nexter Blocks Plugin <= 4.5.4 - Broken Access Control Vulnerability |
| CVE-2025-54736 | 2025-08-14 | WordPress Savoy Theme <= 3.0.8 - Sensitive Data Exposure Vulnerability |
| CVE-2025-54732 | 2025-08-14 | WordPress WPDM – Premium Packages Plugin <= 6.0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54730 | 2025-08-14 | WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability |
| CVE-2025-54729 | 2025-08-14 | WordPress Webba Booking Plugin <= 6.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54728 | 2025-08-14 | WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-54727 | 2025-08-14 | WordPress CM On Demand Search And Replace Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54717 | 2025-08-14 | WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability |
| CVE-2025-54715 | 2025-08-14 | WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.9.0 - Arbitrary File Download Vulnerability |
| CVE-2025-54712 | 2025-08-14 | WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability |
| CVE-2025-54708 | 2025-08-14 | WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-54054 | 2025-08-14 | WordPress 12 Step Meeting List Plugin <= 3.18.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53587 | 2025-08-14 | WordPress Findgo Theme <= 1.3.57 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53582 | 2025-08-14 | WordPress WordLift Plugin <= 3.54.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53581 | 2025-08-14 | WordPress RSS Feed Pro Plugin <= 1.1.8 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53575 | 2025-08-14 | WordPress Primer MyData for Woocommerce Plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53347 | 2025-08-14 | WordPress Kalium Theme plugin <= 3.18.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53343 | 2025-08-14 | WordPress Modernize Theme <= 3.4.0 - Broken Access Control Vulnerability |
| CVE-2025-53342 | 2025-08-14 | WordPress Modernize Theme <= 3.4.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53341 | 2025-08-14 | WordPress Stratus Theme <= 4.2.5 - Broken Access Control Vulnerability |
| CVE-2025-53330 | 2025-08-14 | WordPress WP Rentals Theme <= 3.13.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-53249 | 2025-08-14 | WordPress Build App Online Plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53241 | 2025-08-14 | WordPress Simplified Plugin <= 1.0.9 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-53221 | 2025-08-14 | WordPress CodeablePress Plugin <= 1.0.0 - Broken Access Control Vulnerability |
| CVE-2025-53219 | 2025-08-14 | WordPress WP-Database-Optimizer-Tools Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52797 | 2025-08-14 | WordPress StoryMap Plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52771 | 2025-08-14 | WordPress Video Expander Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52769 | 2025-08-14 | WordPress flexo-social-gallery Plugin <= 1.0006 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52767 | 2025-08-14 | WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-52765 | 2025-08-14 | WordPress NetInsight Analytics Implementation Plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-8975 | 2025-08-14 | givanz Vvveb edit.tpl cross site scripting |
| CVE-2025-8976 | 2025-08-14 | givanz Vvveb Endpoint post cross site scripting |
| CVE-2025-8978 | 2025-08-14 | D-Link DIR-619L boa FirmwareUpgrade data authenticity |
| CVE-2025-8979 | 2025-08-14 | Tenda AC15 Firmware Update check_fw data authenticity |
| CVE-2025-8980 | 2025-08-14 | Tenda G1 Firmware Update check_upload_file data authenticity |
| CVE-2025-8981 | 2025-08-14 | itsourcecode Online Tour and Travel Management System payment.php sql injection |
| CVE-2025-8982 | 2025-08-14 | itsourcecode Online Tour and Travel Management System currency.php sql injection |
| CVE-2025-8983 | 2025-08-14 | itsourcecode Online Tour and Travel Management System expense.php sql injection |
| CVE-2025-8984 | 2025-08-14 | itsourcecode Online Tour and Travel Management System expense_category.php sql injection |
| CVE-2025-8985 | 2025-08-14 | SourceCodester COVID 19 Testing Management System profile.php sql injection |
| CVE-2025-8986 | 2025-08-14 | SourceCodester COVID 19 Testing Management System search-report-result.php sql injection |
| CVE-2025-31987 | 2025-08-14 | HCL Connections Docs is vulnerable to a Denial of Service (DoS) attack |
| CVE-2025-8987 | 2025-08-14 | SourceCodester COVID 19 Testing Management System test-details.php sql injection |
| CVE-2025-8988 | 2025-08-14 | SourceCodester COVID 19 Testing Management System bwdates-report-result.php sql injection |
| CVE-2025-8989 | 2025-08-14 | SourceCodester COVID 19 Testing Management System edit-phlebotomist.php sql injection |
| CVE-2025-8990 | 2025-08-15 | code-projects Online Medicine Guide browsemdcn.php sql injection |
| CVE-2025-8991 | 2025-08-15 | linlinjava litemall Business Logic express logic error |
| CVE-2025-8992 | 2025-08-15 | mtons mblog cross-site request forgery |
| CVE-2025-8993 | 2025-08-15 | itsourcecode Online Tour and Travel Management System expense_report.php sql injection |
| CVE-2025-9000 | 2025-08-15 | Mechrevo Control Center GX V2 reg File uncontrolled search path |
| CVE-2025-9001 | 2025-08-15 | LemonOS HTTP Client main.cpp HTTPGet stack-based overflow |
| CVE-2025-9002 | 2025-08-15 | Surbowl dormitory-management-php login.php sql injection |
| CVE-2025-8342 | 2025-08-15 | WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass |
| CVE-2025-6025 | 2025-08-15 | Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts |
| CVE-2025-8680 | 2025-08-15 | B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery |
| CVE-2025-8867 | 2025-08-15 | Graphina - Elementor Charts and Graphs <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-8676 | 2025-08-15 | B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure |
| CVE-2025-9003 | 2025-08-15 | D-Link DIR-818LW DHCP Reserved Address bsc_lan.php cross site scripting |
| CVE-2025-9004 | 2025-08-15 | mtons mblog password excessive authentication |
| CVE-2025-9005 | 2025-08-15 | mtons mblog register information exposure |
| CVE-2025-9006 | 2025-08-15 | Tenda CH22 delFileName formdelFileName buffer overflow |
| CVE-2025-9007 | 2025-08-15 | Tenda CH22 editFileName formeditFileName buffer overflow |
| CVE-2025-9008 | 2025-08-15 | itsourcecode Online Tour and Travel Management System sms_setting.php sql injection |
| CVE-2025-31961 | 2025-08-15 | HCL Connections is vulnerable to broken access control |
| CVE-2025-9009 | 2025-08-15 | itsourcecode Online Tour and Travel Management System email_setup.php sql injection |
| CVE-2025-9010 | 2025-08-15 | itsourcecode Online Tour and Travel Management System booking_report.php sql injection |
| CVE-2025-9011 | 2025-08-15 | PHPGurukul Online Shopping Portal Project signup.php sql injection |
| CVE-2025-9012 | 2025-08-15 | PHPGurukul Online Shopping Portal Project bill-ship-addresses.php sql injection |
| CVE-2025-9013 | 2025-08-15 | PHPGurukul Online Shopping Portal Project password-recovery.php sql injection |
| CVE-2025-9016 | 2025-08-15 | Mechrevo Control Center GX V2 Powershell Script Command uncontrolled search path |
| CVE-2025-8013 | 2025-08-15 | Quttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery |
| CVE-2025-8451 | 2025-08-15 | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.2.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'data-gallery-items' |
| CVE-2025-6679 | 2025-08-15 | Contact Form by Bit Form - Bit Form <= 2.20.3 - Unauthenticated Arbitrary File Upload |
| CVE-2025-9017 | 2025-08-15 | PHPGurukul Zoo Management System add-foreigner-ticket.php cross site scripting |
| CVE-2025-9019 | 2025-08-15 | tcpreplay tcpprep cidr.c mask_cidr6 heap-based overflow |
| CVE-2025-8604 | 2025-08-15 | WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-9020 | 2025-08-15 | PX4 PX4-Autopilot Mavlink Shell Closing mavlink_receiver.cpp handle_message_serial_control use after free |
| CVE-2025-9021 | 2025-08-15 | SourceCodester Online Bank Management System transfer.php sql injection |
| CVE-2025-9022 | 2025-08-15 | SourceCodester Online Bank Management System statements.php sql injection |
| CVE-2025-7650 | 2025-08-15 | BizCalendar Web <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-7641 | 2025-08-15 | Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion |
| CVE-2025-7688 | 2025-08-15 | Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-7778 | 2025-08-15 | Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function |
| CVE-2025-8091 | 2025-08-15 | EventON Lite <= 2.4.6 - Authenticated (Contributor+) Information Disclosure |
| CVE-2025-8080 | 2025-08-15 | Alobaidi Captcha <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings |
| CVE-2025-8720 | 2025-08-15 | Plugin README Parser <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via target Parameter |
| CVE-2025-7507 | 2025-08-15 | elink – Embed Content <= 1.1.0 - Authenticated (Contributor+) Insufficient Input Validation |
| CVE-2025-8905 | 2025-08-15 | Inpersttion For Theme <= 1.0 - Authenticated (Contributor+) Arbitrary Function Call |
| CVE-2025-7662 | 2025-08-15 | Gestion de tarifs <= 1.4 - Authenticated (Contributor+) SQL Injection |
| CVE-2025-5844 | 2025-08-15 | Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter |
| CVE-2025-9023 | 2025-08-15 | Tenda AC7/AC18 SetLEDCfg formSetSchedLed buffer overflow |
| CVE-2025-9024 | 2025-08-15 | PHPGurukul Beauty Parlour Management System book-appointment.php sql injection |
| CVE-2025-9025 | 2025-08-15 | code-projects Simple Cafe Ordering System portal.php sql injection |
| CVE-2025-9026 | 2025-08-15 | D-Link DIR-860L Simple Service Discovery Protocol cgibin ssdpcgi_main os command injection |
| CVE-2025-9027 | 2025-08-15 | code-projects Online Medicine Guide addelivery.php sql injection |
| CVE-2025-9028 | 2025-08-15 | code-projects Online Medicine Guide adphar.php sql injection |
| CVE-2025-26709 | 2025-08-15 | Unauthorized Access Vulnerability in ZTE F50 |
| CVE-2025-9046 | 2025-08-15 | Tenda AC20 setMacFilterCfg sub_46A2AC stack-based overflow |
| CVE-2025-9047 | 2025-08-15 | projectworlds Visitor Management System visitor_out.php sql injection |