Lista CVE 2025/28xxx

CVE nel gruppo: 28xxx

CVE-2025-28893 (Clicca per dettagli)

CVE-2025-28894 (WordPress Visual Text Editor plugin <= 1.2.1 - Remote Code Execution (RCE) vulnerability)

CVE-2025-28895 (WordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerability)

CVE-2025-28896 (WordPress Custom top bar plugin <= 2.0.2 - CSRF to Stored XSS vulnerability)

CVE-2025-28897 (WordPress AS English Admin plugin <= 1.0.0 - Open Redirection vulnerability)

CVE-2025-28898 (WordPress Domain Theme plugin <= 1.3 - CSRF to Stored XSS vulnerability)

CVE-2025-28899 (WordPress WP Multistore Locator plugin <= 2.5.2 - SQL Injection vulnerability)

CVE-2025-28900 (WordPress WP Event Ticketing plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-28901 (WordPress TabGarb Pro plugin <= 2.6 - CSRF to Stored XSS vulnerability)

CVE-2025-28902 (WordPress Members page only for logged in users plugin <= 1.4.2 - CSRF to Stored XSS vulnerability)

CVE-2025-28903 (WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-28904 (WordPress Driving Directions plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-28905 (WordPress Web Directory Free plugin <= 1.7.6 - SQL Injection vulnerability)

CVE-2025-28906 (WordPress Featured Posts Grid plugin <= 1.7 - CSRF to Stored XSS vulnerability)

CVE-2025-28907 (WordPress Skitter Slideshow plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28908 (WordPress WP Last Modified plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28909 (WordPress pipDisqus plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28910 (WordPress WP No-Bot Question plugin <= 0.1.7 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-28911 (WordPress WP Hide Admin Bar plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-28912 (WordPress Gravity 2 PDF plugin <= 3.1.3 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-28913 (WordPress Custom Dashboard Page plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-28914 (WordPress WP Add Active Class To Menu Item plugin <=1.0 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-28915 (WordPress wordpress login form to anywhere plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28916 (WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability)

CVE-2025-28917 (WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability)

CVE-2025-28918 (WordPress Custom Smilies plugin <= 2.9.2 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28919 (WordPress Featured Image Thumbnail Grid plugin <= 6.6.1 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28920 (WordPress Easy Image Display plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28921 (WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability)

CVE-2025-28922 (WordPress SpatialMatch IDX plugin <= 3.0.9 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-28923 (WordPress Go To Top plugin <= 0.0.8 - CSRF to Stored XSS vulnerability)

CVE-2025-28924 (WordPress No Disposable Email plugin <= 2.5.1 - CSRF to Stored XSS vulnerability)

CVE-2025-28925 (WordPress ZenphotoPress plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-28926 (WordPress WATI Chat and Notification plugin <= 1.1.2 - CSRF to Stored Cross Site Scripting (XSS) vulnerability)

CVE-2025-28927 (WordPress Post Read Time plugin <= 1.2.6 - Stored Cross Site Scripting (XSS) vulnerability)

CVE-2025-28928 (WordPress Display Template Name plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-28929 (WordPress Are you robot google recaptcha for WordPress plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-28930 (WordPress Tabbed Login Widget plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28931 (WordPress List Mixcloud plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28932 (WordPress WordPress Hashtags plugin <= 0.3.2 - CSRF to Stored XSS vulnerability)

CVE-2025-28933 (WordPress Insert Code plugin <= 2.4 - CSRF to Stored XSS vulnerability)

CVE-2025-28934 (WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability)

CVE-2025-28935 (WordPress Simple Post Series plugin <= 2.4.4 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-28936 (WordPress Fancybox Plus plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability)

CVE-2025-28937 (WordPress Lunar plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28938 (WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability)

CVE-2025-28939 (WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability)

CVE-2025-28940 (WordPress WP Google Calendar Manager plugin <= 2.1 - SQL Injection vulnerability)

CVE-2025-28941 (WordPress Back To Top Plugin <= 2.0 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-28942 (WordPress SPAM-BYBYE Plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability)

CVE-2025-28943 (WordPress Trust Payments Gateway for WooCommerce plugin <= 1.1.4 - SQL Injection vulnerability)