CVE List 2025/25xxx

CVEs in group: 25xxx

CVE-2025-25112 (Click for details)

CVE-2025-25113 (WordPress Social Links plugin <= 1.2 - SQL Injection vulnerability)

CVE-2025-25114 (WordPress Implied Cookie Consent plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25115 (WordPress User Role plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25116 (WordPress Like dislike plus counter plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25117 (WordPress Link to URL / Post plugin <=1.3 - SQL Injection vulnerability)

CVE-2025-25118 (WordPress Smart Countdown FX plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25119 (WordPress WPOptin plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25120 (WordPress Woocommerce osCommerce Sync plugin <= 2.0.20 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25121 (WordPress Slide Banners plugin <= 1.3 - Broken Access Control vulnerability)

CVE-2025-25122 (WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-25123 (WordPress WizShop Plugin <= 3.0.2 - Local File Inclusion vulnerability)

CVE-2025-25124 (WordPress Easy Related Posts plugin <= 2.0.2 - CSRF to Stored XSS vulnerability)

CVE-2025-25125 (WordPress Status Updater Plugin <= 9.21 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25126 (WordPress Fyrebox Quizzes plugin <= 2.7 - CSRF to Stored XSS vulnerability)

CVE-2025-25127 (WordPress ZMSEO plugin <= 1.14.1 - CSRF to Stored XSS vulnerability)

CVE-2025-25128 (WordPress Contact Us By Lord Linus Plugin <= 2.6 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25129 (WordPress Facilita Form Tracker plugin <= 1.0 - CSRF to Stored XSS vulnerability)

CVE-2025-25130 (WordPress Callback Request plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25131 (WordPress Delete Comments By Status plugin <= 1.5.3 - Local File Inclusion vulnerability)

CVE-2025-25132 (WordPress RJ Quickcharts plugin <= 0.6.1 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25133 (WordPress Visitor Details plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25134 (WordPress WP Frontend Submit Plugin <= 1.1.0 - Reflected Cross-Site Scripting vulnerability)

CVE-2025-25135 (WordPress Theme Demo Bar Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25136 (WordPress Custom Links On Admin Dashboard Toolbar plugin <= 3.3 - CSRF to Stored XSS vulnerability)

CVE-2025-25137 (WordPress Optimate Ads plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability)

CVE-2025-25138 (WordPress Social Links plugin <= 1.0.11 - Stored Cross-Site Scripting vulnerability)

CVE-2025-25139 (WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability)

CVE-2025-25140 (WordPress WP Custom Post RSS Feed plugin <= 1.0.0 - CSRF to Stored XSS vulnerability)

CVE-2025-25141 (WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability)

CVE-2025-25142 (WordPress Fami Sales Popup plugin <= 2.0.0 - Local File Inclusion vulnerability)

CVE-2025-25143 (WordPress WP Less Compiler plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25144 (WordPress GlobalQuran Plugin <= 1.0 - CSRF to Settings Change vulnerability)

CVE-2025-25145 (WordPress Theasys plugin <= 1.0.1 - CSRF to Stored XSS vulnerability)

CVE-2025-25146 (WordPress Infusionsoft Analytics Plugin <= 2.0 - Cross-Site Request Forgery (CSRF) vulnerability)

CVE-2025-25147 (WordPress Songkick Concerts and Festivals plugin <= 0.9.7 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-25148 (WordPress Auto SEO plugin <= 2.5.6 - CSRF to Stored XSS vulnerability)

CVE-2025-25149 (WordPress Read More Copy Link plugin <= 1.0.2 - CSRF to Stored XSS vulnerability)

CVE-2025-25150 (WordPress Login-box plugin <= 2.0.4 - CSRF to Stored XSS vulnerability)

CVE-2025-25151 (Directory Listings WordPress uListing plugin <= 2.1.6 - SQL Injection vulnerability)

CVE-2025-25152 (WordPress uListing Plugin <= 2.1.6 - SQL Injection vulnerability)

CVE-2025-25153 (WordPress Smart DoFollow plugin <= 1.0.2 - CSRF to Stored XSS vulnerability)

CVE-2025-25154 (WordPress Simple Auto Tag plugin <= 1.1 - CSRF to Stored XSS vulnerability)

CVE-2025-25155 (WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability)

CVE-2025-25156 (WordPress Music Sheet Viewer plugin <= 4.1 - Arbitrary File Read vulnerability)

CVE-2025-25157 (WordPress Quote Comments plugin <= 2.2.1 - CSRF to Stored XSS vulnerability)

CVE-2025-25158 (WordPress WP Church Center Plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25159 (WordPress Uncomplicated SEO plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25160 (WordPress WP doodlez plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25161 (WordPress Style Tweaker plugin <= 0.11 - CSRF to Stored XSS vulnerability)

CVE-2025-25162 (WordPress WP Find Your Nearest Plugin <= 0.3.1 - CSRF to Settings Change vulnerability)

CVE-2025-25163 (WordPress Sports Rankings and Lists plugin <= 2.3 - Arbitrary File Download vulnerability)

CVE-2025-25164 (WordPress Plugin A/B Image Optimizer Plugin <= 3.3 - Arbitrary File Download vulnerability)

CVE-2025-25165 (WordPress Meta Accelerator plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25166 (WordPress Staff Directory Plugin: Company Directory Plugin <= 4.3 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25167 (WordPress InLocation plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-25168 (WordPress BookPress – For Book Authors Plugin <= 1.2.7 - Broken Access Control vulnerability)

CVE-2025-25169 (WordPress BookPress – For Book Authors Plugin <= 1.2.7 - CSRF to Stored XSS vulnerability)

CVE-2025-25170 (WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-25175 (WordPress Migrate Posts Plugin <=1.0 - Post Based Cross Site Scripting (XSS) vulnerability)

CVE-2025-25181 (Click for details)

CVE-2025-25182 (Click for details)

CVE-2025-25183 (Stroom Authentication/Authorization Bypass when using AWS ALB)

CVE-2025-25184 (vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache)

CVE-2025-25185 (Possible Log Injection in Rack::CommonLogger)

CVE-2025-25186 (GPT Academic allows arbitrary file read by tarfile uncompress within softlink)

CVE-2025-25187 (Net::IMAP vulnerable to possible DoS by memory exhaustion)

CVE-2025-25188 (Cross-site Scripting in Goto Anything allows arbitrary code execution in Joplin)

CVE-2025-25189 (DNSSEC validation may accept broken authentication chains)

CVE-2025-25190 ([XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script)

CVE-2025-25191 ([XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server)

CVE-2025-25192 (Group-Office has a Stored XSS Vulnerability via user’s name field)

CVE-2025-25193 (GLPI allows unauthorized access to debug mode)

CVE-2025-25194 (Denial of Service attack on Windows app using Netty)

CVE-2025-25195 (Server-Side Request Forgery (SSRF) in activitypub_federation)

CVE-2025-25196 (Zulip events can leak private channel names)

CVE-2025-25198 (OpenFGA Authorization Bypass)

CVE-2025-25199 (mailcow: dockerized vulnerable to password reset poisoning)

CVE-2025-25200 (BCryptGenerateSymmetricKey memory leak)

CVE-2025-25201 (Koa has Inefficient Regular Expression Complexity)