CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-22683 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX notificationx allows Stored XSS.This issue affects NotificationX: from n... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22684 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking wp-base-booking-of-appointments-services-and-events allows Stored XSS... | 7.1 | HIGH | — | 0 |
| CVE-2025-22685 Cross-Site Request Forgery (CSRF) vulnerability in CheGevara29 Tags to Keywords tags-to-meta-keywords allows Stored XSS.This issue affects Tags to Keywords: from n/a through <= 1.0.1. | 7.1 | HIGH | — | 0 |
| CVE-2025-22686 Missing Authorization vulnerability in WesternDeal CF7 Google Sheets Connector cf7-google-sheets-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CF... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-22688 Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars unlimited-page-sidebars allows Stored XSS.This issue affects Unlimited Page Sidebars: from n/a through <= 0.2.6. | 7.1 | HIGH | — | 0 |
| CVE-2025-22690 Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration digitimber-cpanel-integration allows Stored XSS.This issue affects DigiTimber cPanel Integration: from n/a t... | 7.1 | HIGH | — | 0 |
| CVE-2025-22691 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows SQL Injection.This issue affects WP Travel: from n/a through ... | 7.6 | HIGH | — | 0 |
| CVE-2025-22693 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows SQL Injection.T... | 7.6 | HIGH | — | 0 |
| CVE-2025-22694 Missing Authorization vulnerability in Dotstore Hide Shipping Method For WooCommerce hide-shipping-method-for-woocommerce.This issue affects Hide Shipping Method For WooCommerce: from n/a through <= 1... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-22695 Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support nirweb-support.This issue affects Nirweb support: from n/a through <= 3.0.3. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-22701 Server-Side Request Forgery (SSRF) vulnerability in shinetheme Traveler Layout Essential For Elementor traveler-layout-essential-for-elementor.This issue affects Traveler Layout Essential For Elemento... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-22703 Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder forge allows Stored XSS.This issue affects Forge – Front-End Page Builder: from n/a through <= 1.4.6. | 7.1 | HIGH | — | 0 |
| CVE-2025-22704 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS.This issue affects Wor... | 7.1 | HIGH | — | 0 |
| CVE-2025-22775 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idiatech Catalog Importer, Scraper & Crawler intelligent-importer allows Reflected XSS.This issue ... | 7.1 | HIGH | — | 0 |
| CVE-2025-23491 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikash Srivastava VSTEMPLATE Creator vstemplate-creator allows Reflected XSS.This issue affects VS... | 7.1 | HIGH | — | 0 |
| CVE-2025-23527 Missing Authorization vulnerability in hemnathmouli WC Wallet wc-wallet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WC Wallet: from n/a through <= 2.2.0. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-23561 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robertkay MLL Audio Player MP3 Ajax music-let-loose-mp3-audio-player allows Stored XSS.This issue ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-23581 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digitalzoomstudio Demo User DZS demo-user-dzs-showcase-your-admin-safely allows Stored XSS.This is... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-23582 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haider Ali Bulk Categories Assign bulk-categories-assign allows Reflected XSS.This issue affects B... | 7.1 | HIGH | — | 0 |
| CVE-2025-23588 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in baonguyenyam WOW Best CSS Compiler best-css-compiler allows Reflected XSS.This issue affects WOW B... | 7.1 | HIGH | — | 0 |
| CVE-2025-23590 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dezdy.com Dezdy dezdy-mcommerce allows Reflected XSS.This issue affects Dezdy: from n/a through <=... | 7.1 | HIGH | — | 0 |
| CVE-2025-23591 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: f... | 7.1 | HIGH | — | 0 |
| CVE-2025-23593 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha EmailPress emailpress allows Reflected XSS.This issue affects EmailPress: from n/a throu... | 7.1 | HIGH | — | 0 |
| CVE-2025-23594 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uzzal Mondal Google Map With Fancybox location-piker allows Reflected XSS.This issue affects Googl... | 7.1 | HIGH | — | 0 |
| CVE-2025-23599 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aarvansh Infotech eMarksheet emarksheet allows Reflected XSS.This issue affects eMarksheet: from n... | 7.1 | HIGH | — | 0 |
| CVE-2025-23614 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in niksudan WordPress Additional Logins wp-additional-logins allows Reflected XSS.This issue affects ... | 7.1 | HIGH | — | 0 |
| CVE-2025-23685 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: ... | 7.1 | HIGH | — | 0 |
| CVE-2025-23747 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitesh Awesome Timeline awesome-timeline allows Stored XSS.This issue affects Awesome Timeline: fr... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-23755 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tosend.it PAFacile pafacile allows Reflected XSS.This issue affects PAFacile: from n/a through <= ... | 7.1 | HIGH | — | 0 |
| CVE-2025-23799 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tubegtld .TUBE Video Curator tube-video-curator allows Reflected XSS.This issue affects .TUBE Vide... | 7.1 | HIGH | — | 0 |
| CVE-2025-23819 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Marco Milesi WP Cloud cloud allows Absolute Path Traversal.This issue affects WP Cloud: from n/a through... | 7.5 | HIGH | — | 0 |
| CVE-2025-23920 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sourcing Team ApplicantPro applicantpro allows Reflected XSS.This issue affects ApplicantPro: from... | 7.1 | HIGH | — | 0 |
| CVE-2025-23923 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wackey Lockets lockets allows Reflected XSS.This issue affects Lockets: from n/a through <= 0.999. | 7.1 | HIGH | — | 0 |
| CVE-2025-23984 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brainvireinfo Dynamic URL SEO dynamic-url-seo allows Reflected XSS.This issue affects Dynamic URL ... | 7.1 | HIGH | — | 0 |
| CVE-2025-24536 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThriveDesk ThriveDesk thrivedesk allows Reflected XSS.This issue affects ThriveDesk: from n/a thro... | 7.1 | HIGH | — | 0 |
| CVE-2025-24541 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dinamiko DK White Label dk-white-label allows Reflected XSS.This issue affects DK White Label: fro... | 7.1 | HIGH | — | 0 |
| CVE-2025-24544 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dashed-slug.net Bitcoin and Altcoin Wallets wallets allows Reflected XSS.This issue affects Bitcoi... | 7.1 | HIGH | — | 0 |
| CVE-2025-24545 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Validation bsk-gravity-forms-custom-validation allows Reflected XSS.This issue... | 7.1 | HIGH | — | 0 |
| CVE-2025-24557 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware PlainInventory z-inventory-manager allows Reflected XSS.This issue affects PlainInventor... | 7.1 | HIGH | — | 0 |
| CVE-2025-24559 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a th... | 7.1 | HIGH | — | 0 |
| CVE-2025-24569 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder pdf-generator-addon-for-elementor-page-b... | 7.5 | HIGH | — | 0 |
| CVE-2025-24574 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader pepro-bacs-receipt-upload-for-woocommerce a... | 7.1 | HIGH | — | 0 |
| CVE-2025-24576 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Landing Page Cat landing-page-cat allows Reflected XSS.This issue affects Landing Page ... | 7.1 | HIGH | — | 0 |
| CVE-2025-24605 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal.This issue affects WOLF: from n/a through <= 1.0.8.5. | 4.9 | MEDIUM | — | 0 |
| CVE-2025-24620 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hkharpreetkumar1 AIO Shortcodes aio-shortcodes allows Stored XSS.This issue affects AIO Shortcodes... | 7.1 | HIGH | — | 0 |
| CVE-2025-24629 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpgear Import Excel to Gravity Forms gf-excel-import allows Reflected XSS.This issue affects Impor... | 7.1 | HIGH | — | 0 |
| CVE-2025-24630 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS sikshya allows Reflected XSS.This issue affects Sikshya LMS: from n/a thro... | 7.1 | HIGH | — | 0 |
| CVE-2025-24631 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates bp-email-assign-templates allows Reflected XSS.This issue affect... | 7.1 | HIGH | — | 0 |
| CVE-2025-24639 Insertion of Sensitive Information Into Sent Data vulnerability in Greys Korea for WooCommerce korea-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Korea for WooCommerce: f... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-24642 Missing Authorization vulnerability in theme funda Setup Default Featured Image setup-default-feature-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects S... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.