Total
277648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1686 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | 5.3 Medium |
| The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII. | ||||
| CVE-2022-46810 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | ||||
| CVE-2022-46812 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | ||||
| CVE-2025-21298 | 2025-01-15 | 9.8 Critical | ||
| Windows OLE Remote Code Execution Vulnerability | ||||
| CVE-2025-21299 | 2025-01-15 | 7.1 High | ||
| Windows Kerberos Security Feature Bypass Vulnerability | ||||
| CVE-2025-21301 | 2025-01-15 | 6.5 Medium | ||
| Windows Geolocation Service Information Disclosure Vulnerability | ||||
| CVE-2025-22799 | 2025-01-15 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1. | ||||
| CVE-2025-22798 | 2025-01-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS.This issue affects Responsive jQuery Slider: from n/a through 1.1.1. | ||||
| CVE-2025-22797 | 2025-01-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS.This issue affects Gallery and Lightbox: from n/a through 1.0.14. | ||||
| CVE-2025-22795 | 2025-01-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Krug Multilang Contact Form allows Reflected XSS.This issue affects Multilang Contact Form: from n/a through 1.5. | ||||
| CVE-2025-22793 | 2025-01-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through 3.1.0. | ||||
| CVE-2025-22788 | 2025-01-15 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codexpert, Inc CoDesigner WooCommerce Builder for Elementor allows Stored XSS.This issue affects CoDesigner WooCommerce Builder for Elementor: from n/a through 4.7.17.2. | ||||
| CVE-2025-22787 | 2025-01-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5. | ||||
| CVE-2025-22786 | 2025-01-15 | 7.5 High | ||
| Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | ||||
| CVE-2025-22785 | 2025-01-15 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5. | ||||
| CVE-2025-21302 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21303 | 2025-01-15 | 8.8 High | ||
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21304 | 2025-01-15 | 7.8 High | ||
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | ||||
| CVE-2025-22784 | 2025-01-15 | 8.6 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Johan Ström Background Control allows Path Traversal.This issue affects Background Control: from n/a through 1.0.5. | ||||
| CVE-2025-22782 | 2025-01-15 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Upload a Web Shell to a Web Server.This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8. | ||||