CVE-2025-31384 - Aviplugins Videos Reflected Cross-Site Scripting (XSS)
CVE ID : CVE-2025-31384
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31384
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Aviplugins Videos allows Reflected XSS.This issue affects Videos: from n/a through 1.0.5.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31389 - Sequel.Io Sequel Cross-site Scripting (XSS)
CVE ID : CVE-2025-31389
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sequel.Io Sequel allows Reflected XSS.This issue affects Sequel: from n/a through 1.0.11.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31389
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sequel.Io Sequel allows Reflected XSS.This issue affects Sequel: from n/a through 1.0.11.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31403 - Shiptrack SQL Injection Vulnerability
CVE ID : CVE-2025-31403
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31403
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shiptrack Booking Calendar and Notification allows Blind SQL Injection.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31405 - Zankover Fami WooCommerce Compare PHP Local File Inclusion
CVE ID : CVE-2025-31405
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31405
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami WooCommerce Compare allows PHP Local File Inclusion.This issue affects Fami WooCommerce Compare: from n/a through 1.0.5.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31407 - Hutsixdigital Tiger Cross-site Scripting Vulnerability
CVE ID : CVE-2025-31407
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31407
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31416 - Awesome Event Booking Cross-site Scripting (XSS)
CVE ID : CVE-2025-31416
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through 2.8.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31416
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwesomeTOGI Awesome Event Booking allows Reflected XSS.This issue affects Awesome Event Booking: from n/a through 2.8.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31418 - Noonnoo Gravel Cross-site Scripting
CVE ID : CVE-2025-31418
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31418
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in noonnoo Gravel allows Reflected XSS.This issue affects Gravel: from n/a through 1.6.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3249 - TOTOLINK A6000R Lua Command Injection Vulnerability
CVE ID : CVE-2025-3249
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3249
Published : April 4, 2025, 2:15 p.m. | 44 minutes ago
Description : A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32256 - Devsoftbaltic SurveyJS Missing Authorization Vulnerability
CVE ID : CVE-2025-32256
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32256
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Missing Authorization vulnerability in devsoftbaltic SurveyJS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects SurveyJS: from n/a through 1.12.20.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32257 - 1 Click WordPress Migration Information Disclosure
CVE ID : CVE-2025-32257
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through 2.2.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32257
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n/a through 2.2.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32258 - InfoGiants Simple Website Logo Missing Authorization Vulnerability
CVE ID : CVE-2025-32258
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Missing Authorization vulnerability in InfoGiants Simple Website Logo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Website Logo: from n/a through 1.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32258
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Missing Authorization vulnerability in InfoGiants Simple Website Logo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Website Logo: from n/a through 1.1.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32261 - Kuppuraj Advanced All in One Admin Search by WP Spotlight CSRF
CVE ID : CVE-2025-32261
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32261
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Kuppuraj Advanced All in One Admin Search by WP Spotlight allows Cross Site Request Forgery. This issue affects Advanced All in One Admin Search by WP Spotlight: from n/a through 1.1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32262 - RDP Wiki Embed CSRF
CVE ID : CVE-2025-32262
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32262
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32263 - BeRocket Sequential Order Numbers for WooCommerce CSRF Vulnerability
CVE ID : CVE-2025-32263
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery. This issue affects Sequential Order Numbers for WooCommerce: from n/a through 3.6.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32263
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in BeRocket Sequential Order Numbers for WooCommerce allows Cross Site Request Forgery. This issue affects Sequential Order Numbers for WooCommerce: from n/a through 3.6.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32264 - UltraAddons Elementor Lite CSRF Vulnerability
CVE ID : CVE-2025-32264
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32264
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam UltraAddons Elementor Lite allows Cross Site Request Forgery. This issue affects UltraAddons Elementor Lite: from n/a through 2.0.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32265 - JobWP CSRF Vulnerability
CVE ID : CVE-2025-32265
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.3.9.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32265
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.3.9.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32266 - WordPress Buy CSRF
CVE ID : CVE-2025-32266
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 404 Image Redirection (Replace Broken Images) allows Cross Site Request Forgery. This issue affects 404 Image Redirection (Replace Broken Images): from n/a through 1.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32266
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in wp-buy 404 Image Redirection (Replace Broken Images) allows Cross Site Request Forgery. This issue affects 404 Image Redirection (Replace Broken Images): from n/a through 1.4.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32267 - WordPress to Hootsuite CSRF
CVE ID : CVE-2025-32267
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media – WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media – WordPress to Hootsuite: from n/a through 1.5.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32267
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media – WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media – WordPress to Hootsuite: from n/a through 1.5.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32268 - 15.to QR Code Tag for WC CSRF Attack Vector
CVE ID : CVE-2025-32268
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in www.15.to QR Code Tag for WC allows Cross Site Request Forgery. This issue affects QR Code Tag for WC: from n/a through 1.9.36.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32268
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in www.15.to QR Code Tag for WC allows Cross Site Request Forgery. This issue affects QR Code Tag for WC: from n/a through 1.9.36.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32269 - Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms CSRF Vulnerability
CVE ID : CVE-2025-32269
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Cross Site Request Forgery. This issue affects WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32269
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Cross Site Request Forgery. This issue affects WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32270 - Broadstreet CSRF Vulnerability
CVE ID : CVE-2025-32270
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32270
Published : April 4, 2025, 4:15 p.m. | 1 hour, 15 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Broadstreet Broadstreet allows Cross Site Request Forgery. This issue affects Broadstreet: from n/a through 1.51.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...