Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-12452 2025-11-04 MEDIUM 6.1 The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page.…
CVE-2025-12416 2025-11-04 MEDIUM 6.1 The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to…
CVE-2025-12415 2025-11-04 MEDIUM 6.1 The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation…
CVE-2025-12413 2025-11-04 MEDIUM 5.4 The Social Media WPCF7 Stop Words plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing…
CVE-2025-12412 2025-11-04 MEDIUM 6.1 The Top Bar Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect…
CVE-2025-12410 2025-11-04 MEDIUM 6.1 The SH Contextual Help plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing or incorrect…
CVE-2025-12403 2025-11-04 MEDIUM 6.1 The Associados Amazon Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect…
CVE-2025-12402 2025-11-04 MEDIUM 6.1 The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce…
CVE-2025-12400 2025-11-04 MEDIUM 6.1 The LMB^Box Smileys plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2. This is due to missing or incorrect nonce…
CVE-2025-12396 2025-11-04 MEDIUM 4.4 The clubmember plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and…
CVE-2025-12393 2025-11-04 MEDIUM 4.4 The Free Quotation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.6 due to insufficient input sanitization…
CVE-2025-12389 2025-11-04 MEDIUM 4.3 The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_setting() function in all versions…
CVE-2025-12371 2025-11-04 MEDIUM 4.4 The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization…
CVE-2025-12369 2025-11-04 MEDIUM 6.4 The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `geojsonmarker` shortcode in all versions up to, and including, 4.7. This is…
CVE-2025-12350 2025-11-04 MEDIUM 5.3 The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including,…
CVE-2025-12188 2025-11-04 MEDIUM 4.3 The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2025-12158 2025-11-04 CRITICAL 9.8 The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and…
CVE-2025-12157 2025-11-04 MEDIUM 5.3 The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_reset_capability' AJAX endpoint in all versions…
CVE-2025-12156 2025-11-04 MEDIUM 4.3 The Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…
CVE-2025-12065 2025-11-04 MEDIUM 4.4 The WP Carticon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carticon_js_script' parameter in all versions up to, and including, 1.0.0 due to insufficient input…
CVE-2025-11890 2025-11-04 HIGH 7.5 The Crypto Payment Gateway with Payeer for WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 1.0.3. This is due to…
CVE-2025-11812 2025-11-04 MEDIUM 6.4 The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reuse_builder_single_post_title' shortcode in all versions up to, and including, 1.7. This is due to…
CVE-2025-11758 2025-11-04 MEDIUM 6.5 The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including,…
CVE-2025-11753 2025-11-04 MEDIUM 4.4 The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient…
CVE-2025-11733 2025-11-04 HIGH 7.2 The Footnotes Made Easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.0.7 due to insufficient input…
CVE-2025-11724 2025-11-04 HIGH 8.8 The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is…
CVE-2025-11704 2025-11-04 HIGH 7.5 The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the `elegance-menu` shortcode.…
CVE-2025-10896 2025-11-04 HIGH 8.8 Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions…
CVE-2025-47370 2025-11-04 MEDIUM 6.5 Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
CVE-2025-47368 2025-11-04 HIGH 7.8 Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
CVE-2025-47367 2025-11-04 HIGH 7.8 Memory corruption while accessing a buffer during IOCTL processing.
CVE-2025-47365 2025-11-04 HIGH 7.8 Memory corruption while processing large input data from a remote source via a communication interface.
CVE-2025-47362 2025-11-04 MEDIUM 6.1 Information disclosure while processing message from client with invalid payload.
CVE-2025-47361 2025-11-04 HIGH 7.8 Memory corruption when triggering a subsystem crash with an out-of-range identifier.
CVE-2025-47360 2025-11-04 HIGH 7.8 Memory corruption while processing client message during device management.
CVE-2025-47357 2025-11-04 HIGH 8.0 Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions.
CVE-2025-47353 2025-11-04 HIGH 7.8 Memory corruption while processing request sent from GVM.
CVE-2025-47352 2025-11-04 HIGH 7.8 Memory corruption while processing audio streaming operations.
CVE-2025-27074 2025-11-04 HIGH 8.8 Memory corruption while processing a GP command response.
CVE-2025-27070 2025-11-04 HIGH 7.8 Memory corruption while performing encryption and decryption commands.
CVE-2025-27064 2025-11-04 MEDIUM 6.1 Information disclosure while registering commands from clients with diag through diagHal.
CVE-2025-12401 2025-11-04 MEDIUM 6.1 The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce…
CVE-2025-12070 2025-11-04 MEDIUM 4.3 The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on the…
CVE-2025-12069 2025-11-04 MEDIUM 4.3 The WP Global Screen Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing nonce…
CVE-2025-11008 2025-11-04 CRITICAL 9.8 The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible…
CVE-2025-11007 2025-11-04 CRITICAL 9.8 The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to…
CVE-2025-12324 2025-11-04 MEDIUM 6.4 The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to,…
CVE-2025-11841 2025-11-04 MEDIUM 6.4 The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Chart Data attributes in all versions up to, and…
CVE-2025-43434 2025-11-04 MEDIUM 4.3 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted…
CVE-2025-43433 2025-11-04 HIGH 8.8 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously…
« Anterior Página 16 de 3627 Siguiente »