Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-29003
2025-06-06
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar allows Stored XSS. This issue affects The Holiday Calendar: from n/a through…
CVE-2025-28997
2025-06-06
MEDIUM
5.3
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.
CVE-2025-28996
2025-06-06
MEDIUM
4.3
Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.
CVE-2025-28995
2025-06-06
MEDIUM
5.3
Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.
CVE-2025-28994
2025-06-06
MEDIUM
4.3
Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.
CVE-2025-28989
2025-06-06
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through…
CVE-2025-28986
2025-06-06
HIGH
8.2
Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5.
CVE-2025-28985
2025-06-06
MEDIUM
5.4
Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through…
CVE-2025-28984
2025-06-06
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through…
CVE-2025-28981
2025-06-06
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3.
CVE-2025-28974
2025-06-06
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.
CVE-2025-28966
2025-06-06
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1.
CVE-2025-28964
2025-06-06
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.
CVE-2025-28958
2025-06-06
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar allows Stored XSS. This issue affects Bg Orthodox Calendar: from n/a through 0.13.10.
CVE-2025-28954
2025-06-06
HIGH
7.4
Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.
CVE-2025-28952
2025-06-06
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a through 3.2.1.
CVE-2025-28950
2025-06-06
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author allows Stored XSS. This issue affects Post Author: from n/a through 1.1.1.
CVE-2025-28948
2025-06-06
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n/a through…
CVE-2025-27360
2025-06-06
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9.
CVE-2025-27359
2025-06-06
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through…
CVE-2025-27334
2025-06-06
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map:…
CVE-2025-26593
2025-06-06
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.
CVE-2025-26590
2025-06-06
HIGH
7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan allows SQL Injection. This issue affects Complete Google Seo…
CVE-2025-24778
2025-06-06
MEDIUM
5.4
Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through…
CVE-2025-24776
2025-06-06
MEDIUM
5.4
Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.
CVE-2025-24772
2025-06-06
MEDIUM
5.4
Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through…
CVE-2025-24763
2025-06-06
MEDIUM
5.3
Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14.
CVE-2025-24762
2025-06-06
MEDIUM
5.4
Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.
CVE-2025-23971
2025-06-06
MEDIUM
5.3
Missing Authorization vulnerability in whassan KI Live Video Conferences allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
CVE-2025-23969
2025-06-06
MEDIUM
5.3
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video…
CVE-2023-26003
2025-06-06
HIGH
7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector:…
CVE-2023-26002
2025-06-06
MEDIUM
4.3
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.
CVE-2023-26001
2025-06-06
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: from n/a…
CVE-2023-26000
2025-06-06
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through…
CVE-2023-25997
2025-06-06
MEDIUM
6.5
Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
CVE-2023-25995
2025-06-06
HIGH
7.5
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in choicehomemortgage AI Mortgage Calculator allows PHP Local File Inclusion. This issue affects…
CVE-2025-5763
2025-06-06
MEDIUM
4.7
A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads…
CVE-2025-5762
2025-06-06
MEDIUM
6.3
A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file view_hematology.php. The manipulation of…
CVE-2025-5761
2025-06-06
MEDIUM
6.3
A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The…
CVE-2025-5760
2025-06-06
MEDIUM
4.9
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1.…
CVE-2025-5239
2025-06-06
MEDIUM
6.4
The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient…
CVE-2025-49077
2025-06-06
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.
CVE-2025-49076
2025-06-06
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The…
CVE-2025-49075
2025-06-06
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43.
CVE-2025-49074
2025-06-06
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesGrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.4.
CVE-2025-49068
2025-06-06
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.4.8.
CVE-2025-49067
2025-06-06
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Stored XSS.This issue affects Nasa Core: from n/a before 6.4.1.
CVE-2025-48337
2025-06-06
MEDIUM
5.3
Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.
CVE-2025-48335
2025-06-06
MEDIUM
5.4
Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.
CVE-2025-48329
2025-06-06
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Reflected XSS.This issue affects Real Time Validation…
« Anterior
Página 1096 de 4308
Siguiente »
Page load link
Go to Top
