CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-1988 2026-02-14 HIGH 7.5 The Flexi Product Slider and Grid for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.5 via the `flexipsg_carousel`…
CVE-2026-1987 2026-02-14 MEDIUM 5.4 The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the `scheduler_widget_ajax_save_event()` function…
CVE-2026-1985 2026-02-14 MEDIUM 6.4 The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 3D Model Gutenberg block in all versions up to, and including, 1.0.2. This is due…
CVE-2026-1944 2026-02-14 MEDIUM 5.3 The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbk_save() function in all versions up…
CVE-2026-1939 2026-02-14 MEDIUM 6.4 The Percent to Infograph plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `percent_to_graph` shortcode in all versions up to, and including, 1.0 due to insufficient…
CVE-2026-1915 2026-02-14 MEDIUM 6.4 The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'poster' parameter in the 'plyr' shortcode in all versions up to, and including, 0.0.1…
CVE-2026-1910 2026-02-14 MEDIUM 6.4 The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up…
CVE-2026-1905 2026-02-14 MEDIUM 6.4 The Sphere Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in the 'show_sphere_image' shortcode in all versions up to, and including, 1.0.2…
CVE-2026-1903 2026-02-14 MEDIUM 6.4 The Ravelry Designs Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'layout' attribute of the 'sb_ravelry_designs' shortcode in all versions up to, and including,…
CVE-2026-1901 2026-02-14 MEDIUM 6.4 The QuestionPro Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'questionpro' shortcode in all versions up to, and including, 1.0 due to insufficient input…
CVE-2026-1796 2026-02-14 MEDIUM 6.1 The StyleBidet plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 1.0.0 due to insufficient input sanitization…
CVE-2026-1795 2026-02-14 MEDIUM 6.1 The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2026-1792 2026-02-14 MEDIUM 6.1 The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in all versions up to, and including, 1.0 due to insufficient input…
CVE-2026-1394 2026-02-14 MEDIUM 4.3 The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce…
CVE-2026-1306 2026-02-14 CRITICAL 9.8 The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions…
CVE-2026-1303 2026-02-14 MEDIUM 5.3 The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the…
CVE-2026-1187 2026-02-14 MEDIUM 6.4 The ZoomifyWP Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filename' parameter of the 'zoomify' shortcode in all versions up to, and including, 1.1…
CVE-2026-1096 2026-02-14 MEDIUM 6.4 The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'google_map_view' shortcode in all versions up to, and including,…
CVE-2026-0753 2026-02-14 HIGH 7.2 The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscf_name' parameter in all versions up to, and including, 1.6.2 due to…
CVE-2026-0751 2026-02-14 MEDIUM 6.4 The Payment Page | Payment Form for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricing_plan_select_text_font_family' parameter in all versions up to, and including,…
CVE-2026-0745 2026-02-14 HIGH 7.2 The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the…
CVE-2026-0736 2026-02-14 MEDIUM 6.4 The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_inpost_head_script[synth_header_script]' post meta field in all versions up to, and including,…
CVE-2026-0735 2026-02-14 MEDIUM 4.4 The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab_color_picker_language_switch' parameter in all versions up to, and including, 1.6.10 due to insufficient…
CVE-2026-0727 2026-02-14 MEDIUM 5.4 The Accordion and Accordion Slider plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.4.5. This is due to the plugin not…
CVE-2026-0693 2026-02-14 MEDIUM 4.4 The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is…
CVE-2026-0559 2026-02-14 MEDIUM 6.4 The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_lms_courses_grid_display' shortcode in all versions…
CVE-2026-0557 2026-02-14 MEDIUM 6.4 The WP Data Access plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpda_app' shortcode in all versions up to, and including, 5.5.63 due to…
CVE-2025-6792 2026-02-14 MEDIUM 5.3 The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest…
CVE-2025-15483 2026-02-14 MEDIUM 4.4 The Link Hopper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hop_name’ parameter in all versions up to, and including, 2.5 due to insufficient input…
CVE-2025-14873 2026-02-14 MEDIUM 4.3 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This…
CVE-2025-14852 2026-02-14 MEDIUM 4.3 The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This is due to missing nonce verification on…
CVE-2026-1932 2026-02-14 MEDIUM 5.3 The Appointment Booking Calendar Plugin – Bookr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update-appointment REST API…
CVE-2026-2469 2026-02-14 HIGH 7.6 Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in…
CVE-2026-2144 2026-02-14 HIGH 8.1 The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the…
CVE-2026-2027 2026-02-14 MEDIUM 4.4 The AMP Enhancer – Compatibility Layer for Official AMP Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AMP Custom CSS setting in all versions up…
CVE-2026-1983 2026-02-14 MEDIUM 4.3 The SEATT: Simple Event Attendance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing nonce…
CVE-2026-1912 2026-02-14 MEDIUM 6.4 The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2…
CVE-2026-1904 2026-02-14 MEDIUM 6.4 The Simple Wp colorfull Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'accordion' shortcode in all versions up to, and…
CVE-2026-1754 2026-02-14 MEDIUM 6.1 The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization…
CVE-2026-1164 2026-02-14 MEDIUM 6.1 The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient…
CVE-2026-0692 2026-02-14 HIGH 7.5 The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.0. This is due to the plugin…
CVE-2026-26303 2026-02-14 N/A 0.0 Rejected reason: Not used
CVE-2026-26302 2026-02-14 N/A 0.0 Rejected reason: Not used
CVE-2026-26301 2026-02-14 N/A 0.0 Rejected reason: Not used
CVE-2026-26300 2026-02-14 N/A 0.0 Rejected reason: Not used
CVE-2026-26299 2026-02-14 N/A 0.0 Rejected reason: Not used
CVE-2026-26298 2026-02-14 N/A 0.0 Rejected reason: Not used
CVE-2026-26297 2026-02-14 N/A 0.0 Rejected reason: Not used
CVE-2026-26296 2026-02-14 N/A 0.0 Rejected reason: Not used
CVE-2026-26295 2026-02-14 N/A 0.0 Rejected reason: Not used