Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-30935	2025-06-06	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NickDuncan Contact Form allows DOM-Based XSS. This issue…
CVE-2025-30934	2025-06-06	MEDIUM	5.3	Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a…
CVE-2025-30932	2025-06-06	MEDIUM	5.4	Missing Authorization vulnerability in WP Compress WP Compress for MainWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-30931	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamil Shafeev «Подсказки» от DaData.ru allows Stored XSS.…
CVE-2025-30930	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unreal Themes ACF: Yandex Maps Field allows Stored…
CVE-2025-30928	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vicchi WP Biographia allows Stored XSS. This issue…
CVE-2025-30927	2025-06-06	MEDIUM	4.3	Missing Authorization vulnerability in Wordapp Team Wordapp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordapp: from…
CVE-2025-30638	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PowieT Powie's Uptime Robot allows Stored XSS. This…
CVE-2025-30637	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This…
CVE-2025-30636	2025-06-06	MEDIUM	5.4	Missing Authorization vulnerability in Ability, Inc Accessibility Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility…
CVE-2025-30634	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IWEBIX WP Featured Content Slider allows Stored XSS.…
CVE-2025-30632	2025-06-06	MEDIUM	5.4	Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator allows Cross Site Request Forgery. This issue affects Global Translator: from…
CVE-2025-30630	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pozzad Global Translator allows Stored XSS. This issue…
CVE-2025-30629	2025-06-06	MEDIUM	4.3	Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener allows Cross Site Request Forgery. This issue affects Bitly URL…
CVE-2025-30627	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regolithsjk Elegant Visitor Counter allows Stored XSS. This…
CVE-2025-30625	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Pramschufer AppBanners allows Stored XSS. This issue…
CVE-2025-30624	2025-06-06	MEDIUM	4.3	Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a…
CVE-2025-29013	2025-06-06	MEDIUM	5.4	Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-29011	2025-06-06	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer YouTube Simple Gallery allows Stored XSS.…
CVE-2025-29010	2025-06-06	MEDIUM	4.3	Missing Authorization vulnerability in eleopard Behance Portfolio Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Behance…
CVE-2025-29008	2025-06-06	MEDIUM	4.9	Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through…
CVE-2025-29006	2025-06-06	MEDIUM	5.3	Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue…
CVE-2025-29005	2025-06-06	MEDIUM	4.3	Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management…
CVE-2025-29003	2025-06-06	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar allows Stored XSS. This…
CVE-2025-28997	2025-06-06	MEDIUM	5.3	Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP…
CVE-2025-28996	2025-06-06	MEDIUM	4.3	Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP…
CVE-2025-28995	2025-06-06	MEDIUM	5.3	Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
CVE-2025-28994	2025-06-06	MEDIUM	4.3	Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects…
CVE-2025-28989	2025-06-06	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This…
CVE-2025-28986	2025-06-06	HIGH	8.2	Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through…
CVE-2025-28985	2025-06-06	MEDIUM	5.4	Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-28984	2025-06-06	MEDIUM	4.3	Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects…
CVE-2025-28981	2025-06-06	HIGH	7.1	Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from…
CVE-2025-28974	2025-06-06	HIGH	7.1	Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail…
CVE-2025-28966	2025-06-06	HIGH	7.1	Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider…
CVE-2025-28964	2025-06-06	HIGH	7.1	Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through…
CVE-2025-28958	2025-06-06	HIGH	7.1	Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar allows Stored XSS. This issue affects Bg Orthodox Calendar:…
CVE-2025-28954	2025-06-06	HIGH	7.4	Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.
CVE-2025-28952	2025-06-06	MEDIUM	4.3	Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a…
CVE-2025-28950	2025-06-06	HIGH	7.1	Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author allows Stored XSS. This issue affects Post Author: from n/a…
CVE-2025-28948	2025-06-06	HIGH	7.1	Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay…
CVE-2025-27360	2025-06-06	MEDIUM	4.3	Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick…
CVE-2025-27359	2025-06-06	MEDIUM	4.3	Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects…
CVE-2025-27334	2025-06-06	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based…
CVE-2025-26593	2025-06-06	MEDIUM	4.3	Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through…
CVE-2025-26590	2025-06-06	HIGH	7.6	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nir Complete Google Seo Scan allows…
CVE-2025-24778	2025-06-06	MEDIUM	5.4	Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
CVE-2025-24776	2025-06-06	MEDIUM	5.4	Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks:…
CVE-2025-24772	2025-06-06	MEDIUM	5.4	Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects…
CVE-2025-24763	2025-06-06	MEDIUM	5.3	Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress…

« Anterior Página 294 de 3506 Siguiente »