Vulnerabilites CVE

Base de donnees CVE enrichie avec CISA KEV et NVD

Total: 330,272 CVEs

CVE ID	CVSS	Severite	KEV	Publie
CVE-2025-32202 Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress all...	N/A	NONE	—	4/10/2025
CVE-2025-32205 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in piotnetdotcom Piotnet Forms piotnetforms.This issue affects Piotnet Forms: from n/a through <= 1.0.30.	N/A	NONE	—	4/10/2025
CVE-2025-32206 Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects processing-projects allows Upload a Web Shell to a Web Server.This issue affects Processing Projects: from n...	N/A	NONE	—	4/10/2025
CVE-2025-32208 Missing Authorization vulnerability in Hive Support Hive Support hive-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support: from n/a through ...	N/A	NONE	—	4/10/2025
CVE-2025-32209 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal.T...	N/A	NONE	—	4/10/2025
CVE-2025-32210 Missing Authorization vulnerability in CreativeMindsSolutions CM Registration and Invitation Codes cm-invitation-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issu...	N/A	NONE	—	4/10/2025
CVE-2025-32212 Missing Authorization vulnerability in Specia Theme Specia Companion specia-companion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Specia Companion: from ...	N/A	NONE	—	4/10/2025
CVE-2025-32213 Missing Authorization vulnerability in flothemesplugins Flo Forms flo-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through <= 1....	N/A	NONE	—	4/10/2025
CVE-2025-32214 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support hive-support allows Stored XSS.This issue affects Hive Support: from n/a...	N/A	NONE	—	4/10/2025
CVE-2025-32215 Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS.This issue affects Accessibility Suite: from n/a through <= 4.1...	N/A	NONE	—	4/10/2025
CVE-2025-32216 Missing Authorization vulnerability in Spider Themes Spider Elements spider-elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spider Elements: from n/...	N/A	NONE	—	4/10/2025
CVE-2025-32221 Missing Authorization vulnerability in Spider Themes EazyDocs eazydocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through <= 2.7.1.	N/A	NONE	—	4/10/2025
CVE-2025-32227 Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum asgaros-forum allows Identity Spoofing.This issue affects Asgaros Forum: from n/a through <= 3.0.0.	N/A	NONE	—	4/10/2025
CVE-2025-46484 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasir179125 Image Hover Effects For WPBakery Page Builder image-hover-effects-for-visual-composer ...	N/A	NONE	—	4/24/2025
CVE-2025-46485 Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page wp-customize-login-page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Customize Log...	N/A	NONE	—	4/24/2025
CVE-2025-46489 Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce wc-bulk-assign-linked-products allows Accessing Functionality Not Properly Constrained by ACLs.This iss...	N/A	NONE	—	4/24/2025
CVE-2025-46491 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew Muro Multi-Column Taxonomy List multi-column-taxonomy-list allows Stored XSS.This issue af...	N/A	NONE	—	4/24/2025
CVE-2025-46492 Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now PHT Blog call-now-coccoc-pht-blog allows Stored XSS.This issue affects Call Now PHT Blog: from n/a through <= 2.4.1.	N/A	NONE	—	4/24/2025
CVE-2025-46495 Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps drop-caps allows Stored XSS.This issue affects Drop Caps: from n/a through <= 2.1.	N/A	NONE	—	4/24/2025
CVE-2025-46496 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oniswap Mini twitter feed mini-twitter-feed allows Stored XSS.This issue affects Mini twitter feed...	N/A	NONE	—	4/24/2025
CVE-2025-46497 Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics navegg allows Stored XSS.This issue affects Navegg Analytics: from n/a through <= 3.3.3.	N/A	NONE	—	4/24/2025
CVE-2025-46498 Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat zalo-official-live-chat allows Cross Site Request Forgery.This issue affects Zalo Official Live Chat: from n/a throu...	N/A	NONE	—	4/24/2025
CVE-2025-46499 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express Checkout paypal-express-checkout allows Stored XSS.This issue affects PayPa...	N/A	NONE	—	4/24/2025
CVE-2025-46501 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biancardi Mixcloud Embed mixcloud-embed allows Stored XSS.This issue affects Mixcloud Embed: from ...	N/A	NONE	—	4/24/2025
CVE-2025-46502 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta custom-taxonomy-category-and-term-fields allows ...	N/A	NONE	—	4/24/2025
CVE-2025-46503 Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Google Photos Grid simple-google-photos-grid allows Server Side Request Forgery.This issue affects Simple Google Photos Grid: from n/...	N/A	NONE	—	4/24/2025
CVE-2025-46523 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devignstudiosltd COVID-19 (Coronavirus) Update Your Customers covid-19-alert allows Stored XSS.Thi...	N/A	NONE	—	4/24/2025
CVE-2025-46524 Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter Post Category wp-filter-post-categories allows Stored XSS.This issue affects WP Filter Post Category: from n/a through <= 2.1.4.	N/A	NONE	—	4/24/2025
CVE-2025-46525 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in msmitley WP Cookie Consent wp-cookie-consent allows Stored XSS.This issue affects WP Cookie Consen...	N/A	NONE	—	4/24/2025
CVE-2025-46528 Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar availability allows Stored XSS.This issue affects Availability Calendar: from n/a through <= 0.2.4.	N/A	NONE	—	4/24/2025
CVE-2025-46529 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StressFree Sites Business Contact Widget business-contact-widget allows Stored XSS.This issue affe...	N/A	NONE	—	4/24/2025
CVE-2025-46530 Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment hacklog-remote-attachment allows Stored XSS.This issue affects Hacklog Remote Attachment: from n/a through <...	N/A	NONE	—	4/24/2025
CVE-2025-46531 Server-Side Request Forgery (SSRF) vulnerability in Ankur Vishwakarma WP AVCL Automation Helper (formerly WPFlyLeads) woozap allows Server Side Request Forgery.This issue affects WP AVCL Automation He...	N/A	NONE	—	4/24/2025
CVE-2025-46532 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haris Zulfiqar Tooltip wp-tooltip allows DOM-Based XSS.This issue affects Tooltip: from n/a throug...	N/A	NONE	—	4/24/2025
CVE-2025-46533 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress landing-pages-and-domain-aliases allows ...	N/A	NONE	—	4/24/2025
CVE-2025-46534 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DanielRiera Image Style Hover image-content-show-hover allows DOM-Based XSS.This issue affects Ima...	N/A	NONE	—	4/24/2025
CVE-2025-46536 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RichardHarrison Carousel-of-post-images carousel-of-post-images allows DOM-Based XSS.This issue af...	N/A	NONE	—	4/24/2025
CVE-2025-46538 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webplanetsoft Inline Text Popup inline-text-popup allows DOM-Based XSS.This issue affects Inline T...	N/A	NONE	—	4/24/2025
CVE-2025-46540 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode gna-search-shortcode allows Stored XSS.This issue affects GNA Searc...	N/A	NONE	—	4/24/2025
CVE-2025-39413 Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap simple-sitemap.This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a throu...	8.8	HIGH	—	4/30/2025
CVE-2025-27007 Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82.	N/A	NONE	—	5/1/2025
CVE-2025-39361 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Stored XSS.This issue affects Royal ...	5.4	MEDIUM	—	5/7/2025
CVE-2025-47439 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor download-monitor allows PHP Local File Inclusion.This...	N/A	NONE	—	5/7/2025
CVE-2025-47440 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts wpadverts allows PHP Local File Inclusion.This issue a...	N/A	NONE	—	5/7/2025
CVE-2025-47441 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Reynolds Progress Bar progress-bar allows Stored XSS.This issue affects Progress Bar: from n...	N/A	NONE	—	5/7/2025
CVE-2025-47442 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CC CC BMI Calculator cc-bmi-calculator allows Stored XSS.This issue affects CC BMI Calculator: fro...	N/A	NONE	—	5/7/2025
CVE-2025-47443 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown widget-countdown allows Stored XSS.This issue affects Widget Countdown: ...	N/A	NONE	—	5/7/2025
CVE-2025-47446 Cross-Site Request Forgery (CSRF) vulnerability in listamester Listamester listamester allows Cross Site Request Forgery.This issue affects Listamester: from n/a through <= 2.3.6.	N/A	NONE	—	5/7/2025
CVE-2025-47447 Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box hm-cool-author-box-widget allows Cross Site Request Forgery.This issue affects Cool Author Box: from n/a through <= 3....	N/A	NONE	—	5/7/2025
CVE-2025-47448 Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.1.9.	N/A	NONE	—	5/7/2025

Page 57 de 6606

Precedent Suivant

This product uses data from the NVD API but is not endorsed or certified by the NVD.