Lista CVE - 2025 / Gennaio
Visualizzazione 3401 - 3500 di 4277 CVE per Gennaio 2025 (Pagina 35 di 43)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-24613 | 2025-01-24 | WordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerability |
| CVE-2025-24634 | 2025-01-24 | WordPress Orbisius Simple Notice plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24652 | 2025-01-24 | WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-24627 | 2025-01-24 | WordPress Blur Text Plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24638 | 2025-01-24 | WordPress Create with Code plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24623 | 2025-01-24 | WordPress Really Simple Security plugin <= 9.1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24625 | 2025-01-24 | WordPress Taxonomy/Term and Role based Discounts for WooCommerce plugin <= 5.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24650 | 2025-01-24 | WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability |
| CVE-2025-24647 | 2025-01-24 | WordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24644 | 2025-01-24 | WordPress WooCommerce PDF Invoices plugin <= 4.7.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24657 | 2025-01-24 | WordPress Wishlist for WooCommerce plugin <=2.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24663 | 2025-01-24 | WordPress Simple Download Monitor plugin <= 3.9.25 - SQL Injection vulnerability |
| CVE-2025-24649 | 2025-01-24 | WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability |
| CVE-2025-24659 | 2025-01-24 | WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.6 - SQL Injection vulnerability |
| CVE-2025-24668 | 2025-01-24 | WordPress PPOM for WooCommerce plugin <= 33.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24672 | 2025-01-24 | WordPress Form Builder CP Plugin <= 1.2.41 - SQL Injection vulnerability |
| CVE-2025-24658 | 2025-01-24 | WordPress Auction Nudge – Your eBay on Your Site plugin <= 7.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24669 | 2025-01-24 | WordPress SERPed.net Plugin <= 4.4 - SQL Injection vulnerability |
| CVE-2025-24673 | 2025-01-24 | WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24679 | 2025-01-24 | WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability |
| CVE-2025-24666 | 2025-01-24 | WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24675 | 2025-01-24 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24702 | 2025-01-24 | WordPress Xagio SEO plugin <= 7.0.0.20 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24687 | 2025-01-24 | WordPress Show/Hide Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24682 | 2025-01-24 | WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability |
| CVE-2025-24678 | 2025-01-24 | WordPress Listamester Plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24681 | 2025-01-24 | WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24693 | 2025-01-24 | WordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-24691 | 2025-01-24 | WordPress People Lists plugin <= 1.3.10 - Broken Access Control vulnerability |
| CVE-2025-24701 | 2025-01-24 | WordPress Chained Quiz Plugin <= 1.3.2.9 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-24695 | 2025-01-24 | WordPress Extensions For CF7 Plugin <= 3.2.0 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-24683 | 2025-01-24 | WordPress RSVP and Event Management Plugin <= 2.7.14 - SQL Injection vulnerability |
| CVE-2025-24674 | 2025-01-24 | WordPress ShMapper by Teplitsa Plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24704 | 2025-01-24 | WordPress Magic the Gathering Card Tooltips plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24705 | 2025-01-24 | WordPress WooCommerce Quick View plugin <= 1.1.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-24714 | 2025-01-24 | WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24711 | 2025-01-24 | WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24698 | 2025-01-24 | WordPress Essential Real Estate plugin <= 5.1.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24712 | 2025-01-24 | WordPress Radius Blocks – WordPress Gutenberg Blocks Plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24709 | 2025-01-24 | WordPress Plethora Plugins Tabs + Accordions plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24706 | 2025-01-24 | WordPress MultiVendorX plugin <= 4.2.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24696 | 2025-01-24 | WordPress Gutenberg Blocks and Page Layouts Plugin <= 1.9.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24720 | 2025-01-24 | WordPress Sticky Buttons Plugin <= 4.1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24722 | 2025-01-24 | WordPress FAQ Builder AYS Plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24713 | 2025-01-24 | WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24715 | 2025-01-24 | WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24703 | 2025-01-24 | WordPress Comment Edit Core – Simple Comment Editing Plugin <= 3.0.33 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2025-24717 | 2025-01-24 | WordPress Modal Window Plugin <= 6.1.4 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24727 | 2025-01-24 | WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24716 | 2025-01-24 | WordPress Herd Effects Plugin <= 6.2.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24739 | 2025-01-24 | WordPress FluentSMTP plugin <= 2.2.80 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24724 | 2025-01-24 | WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-24732 | 2025-01-24 | WordPress BookingPress Plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24731 | 2025-01-24 | WordPress IP2Location Country Blocker plugin <= 2.38.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24719 | 2025-01-24 | WordPress Widget Countdown plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24723 | 2025-01-24 | WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24728 | 2025-01-24 | WordPress Bug Library plugin <= 2.1.4 - SQL Injection vulnerability |
| CVE-2025-24738 | 2025-01-24 | WordPress Call Now Button plugin <= 1.4.13 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-24730 | 2025-01-24 | WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24725 | 2025-01-24 | WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability |
| CVE-2025-24726 | 2025-01-24 | WordPress Contact Form 7 Widget plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24733 | 2025-01-24 | WordPress Post Grid Master plugin <= 3.4.12 - Local File Inclusion vulnerability |
| CVE-2025-24721 | 2025-01-24 | WordPress Easy YouTube Gallery plugin <= 1.0.4 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24729 | 2025-01-24 | WordPress ElementInvader Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24756 | 2025-01-24 | WordPress Roi Calculator plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2025-24750 | 2025-01-24 | WordPress ExactMetrics plugin <= 8.1.0 - Broken Access Control vulnerability |
| CVE-2025-24751 | 2025-01-24 | WordPress CoBlocks plugin <= 3.1.13 - Broken Access Control vulnerability |
| CVE-2025-24753 | 2025-01-24 | WordPress Kadence Blocks plugin <= 3.3.1 - Broken Access Control vulnerability |
| CVE-2025-24755 | 2025-01-24 | WordPress PDF Invoices for WooCommerce plugin <= 4.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24746 | 2025-01-24 | WordPress Popup Maker plugin <= 1.20.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24736 | 2025-01-24 | WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability |
| CVE-2024-35122 | 2025-01-24 | IBM i denial of service |
| CVE-2025-24587 | 2025-01-24 | WordPress Email Subscription Popup plugin <= 1.2.23 - SQL Injection vulnerability |
| CVE-2019-15690 | 2025-01-24 | LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability... |
| CVE-2025-0702 | 2025-01-24 | JoeyBling bootplus SysFileController.java unrestricted upload |
| CVE-2025-24362 | 2025-01-24 | CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts |
| CVE-2025-0703 | 2025-01-24 | JoeyBling bootplus SysFileController.java path traversal |
| CVE-2025-0704 | 2025-01-24 | JoeyBling bootplus QrCodeController.java qrCode resource consumption |
| CVE-2024-52807 | 2025-01-24 | XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher` |
| CVE-2025-24363 | 2025-01-24 | The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information |
| CVE-2025-0705 | 2025-01-24 | JoeyBling bootplus QrCodeController.java qrCode redirect |
| CVE-2025-0706 | 2025-01-24 | JoeyBling bootplus admin.html cross site scripting |
| CVE-2025-0707 | 2025-01-24 | Rise Group Rise Mode Temp CPU Startup CRYPTBASE.dll untrusted search path |
| CVE-2025-0708 | 2025-01-24 | fumiao opencms Add Model Management Page addOrUpdate cross site scripting |
| CVE-2025-0709 | 2025-01-24 | Dcat-Admin Roles Page roles cross site scripting |
| CVE-2025-0710 | 2025-01-24 | CampCodes School Management Software Notice Board Page notice-list cross site scripting |
| CVE-2025-21262 | 2025-01-24 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-24360 | 2025-01-25 | Opening a malicious website while running a Nuxt dev server could allow read-only access to code |
| CVE-2025-24361 | 2025-01-25 | Opening a malicious website while running a Nuxt dev server could allow read-only access to code |
| CVE-2025-0357 | 2025-01-25 | WPBookit <= 1.6.9 - Unauthenticated Arbitrary File Upload |
| CVE-2024-13709 | 2025-01-25 | Linear <= 2.8.1 - Cross-Site Request Forgery to Cache Reset |
| CVE-2025-0411 | 2025-01-25 | 7-Zip Mark-of-the-Web Bypass Vulnerability |
| CVE-2025-0682 | 2025-01-25 | ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2024-13721 | 2025-01-25 | Plethora Plugins Tabs + Accordions <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor |
| CVE-2024-10552 | 2025-01-25 | Flexmls® IDX Plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters |
| CVE-2024-12600 | 2025-01-25 | Custom Product Tabs Lite for WooCommerce <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection |
| CVE-2024-12816 | 2025-01-25 | NOTICE BOARD BY TOWKIR <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12512 | 2025-01-25 | Ask Me Anything (Anonymously) <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12076 | 2025-01-25 | Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-12529 | 2025-01-25 | brodos.net Onlineshop Plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |