CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-9854 | 2025-10-03 | MEDIUM | 6.4 | The A Simple Multilanguage Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'asmp-switcher' shortcode in all versions up to, and including, 1.0 due… |
| CVE-2025-9630 | 2025-10-03 | MEDIUM | 4.3 | The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce… |
| CVE-2025-9561 | 2025-10-03 | HIGH | 8.8 | The AP Background plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization and insufficient file validation within the advParallaxBackAdminSaveSlider() handler in versions 3.8.1 to… |
| CVE-2025-9372 | 2025-10-03 | MEDIUM | 5.5 | The Ultimate Multi Design Video Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization… |
| CVE-2025-9333 | 2025-10-03 | MEDIUM | 5.5 | The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization… |
| CVE-2025-9332 | 2025-10-03 | MEDIUM | 5.5 | The Interactive Human Anatomy with Clickable Body Parts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6… |
| CVE-2025-9286 | 2025-10-03 | CRITICAL | 9.8 | The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to,… |
| CVE-2025-9213 | 2025-10-03 | HIGH | 8.8 | The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken'… |
| CVE-2025-9212 | 2025-10-03 | HIGH | 7.5 | The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wp_dispatcher_process_upload() function in all versions up to, and… |
| CVE-2025-9209 | 2025-10-03 | CRITICAL | 9.8 | The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Authentication Bypass in versions 3.0.0 to 3.1.9.2. This is due to the plugin exposing user… |
| CVE-2025-9206 | 2025-10-03 | MEDIUM | 6.4 | The Meks Easy Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title field in all versions up to, and including, 2.1.4. This is… |
| CVE-2025-9204 | 2025-10-03 | MEDIUM | 6.4 | The X Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Youtube Video ID field in all versions up to, and including, 1.0.14.… |
| CVE-2025-9200 | 2025-10-03 | HIGH | 7.5 | The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nh_ynaa_comments() function in all… |
| CVE-2025-9199 | 2025-10-03 | MEDIUM | 6.5 | The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including,… |
| CVE-2025-9198 | 2025-10-03 | MEDIUM | 6.5 | The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient… |
| CVE-2025-9194 | 2025-10-03 | MEDIUM | 4.3 | The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean() function in all versions up to, and… |
| CVE-2025-9130 | 2025-10-03 | MEDIUM | 6.4 | The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's unify_checkout shortcode in all versions up to, and including, 3.4.7 due to… |
| CVE-2025-9129 | 2025-10-03 | MEDIUM | 6.4 | The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin for WordPress's flexi-form-tag shortcode in all versions up to, and including, 4.28 due to… |
| CVE-2025-9080 | 2025-10-03 | MEDIUM | 6.4 | The Generic Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget fields in version 1.2.4 and earlier. This is due to insufficient input sanitization… |
| CVE-2025-9077 | 2025-10-03 | MEDIUM | 6.4 | The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Animated Text' field of the Typeout Widget in version 1.1.9 and… |
| CVE-2025-9045 | 2025-10-03 | MEDIUM | 6.4 | The Easy Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in versions less than, or equal to, 2.2.8 due to insufficient… |
| CVE-2025-8776 | 2025-10-03 | MEDIUM | 6.4 | The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘icol’ parameter in all versions up to, and including, 1.0 due to insufficient… |
| CVE-2025-8669 | 2025-10-03 | MEDIUM | 4.3 | The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This… |
| CVE-2025-7825 | 2025-10-03 | MEDIUM | 6.3 | The Schema Plugin For Divi, Gutenberg & Shortcodes plugin for WordPress is vulnerable to Object Instantiation in all versions up to, and including, 4.3.2 via deserialization of untrusted… |
| CVE-2025-7721 | 2025-10-03 | CRITICAL | 9.8 | The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including,… |
| CVE-2025-49641 | 2025-10-03 | N/A | 0.0 | A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of… |
| CVE-2025-40636 | 2025-10-03 | N/A | 0.0 | SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts… |
| CVE-2025-27237 | 2025-10-03 | N/A | 0.0 | In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege… |
| CVE-2025-27236 | 2025-10-03 | N/A | 0.0 | A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows… |
| CVE-2025-27231 | 2025-10-03 | N/A | 0.0 | The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To… |
| CVE-2025-10726 | 2025-10-03 | CRITICAL | 9.1 | The WPRecovery plugin for WordPress is vulnerable to SQL Injection via the 'data[id]' parameter in all versions up to, and including, 2.0. This is due to insufficient escaping… |
| CVE-2025-10582 | 2025-10-03 | HIGH | 8.8 | The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on… |
| CVE-2025-10311 | 2025-10-03 | MEDIUM | 4.3 | The Comment Info Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing nonce validation… |
| CVE-2025-10309 | 2025-10-03 | MEDIUM | 4.3 | The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on… |
| CVE-2025-10306 | 2025-10-03 | LOW | 3.8 | The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch() function.… |
| CVE-2025-10302 | 2025-10-03 | MEDIUM | 4.3 | The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect… |
| CVE-2025-10212 | 2025-10-03 | MEDIUM | 5.3 | The SiteAlert (Formerly WP Health) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up… |
| CVE-2025-10192 | 2025-10-03 | MEDIUM | 6.4 | The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppe_effect' shortcode in all versions up to, and including, 1.2.4 due to… |
| CVE-2025-10165 | 2025-10-03 | MEDIUM | 6.4 | The AP Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adv_parallax_back' shortcode in all versions up to, and including, 3.8.2 due to insufficient… |
| CVE-2025-10053 | 2025-10-03 | MEDIUM | 4.4 | The TableGen – Data Table Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.1 due to… |
| CVE-2025-0876 | 2025-10-03 | MEDIUM | 4.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site Scripting (XSS). This issue… |
| CVE-2025-11234 | 2025-10-03 | HIGH | 7.5 | A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to… |
| CVE-2025-6388 | 2025-10-03 | CRITICAL | 9.8 | The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the custom_actions() function not properly… |
| CVE-2025-0616 | 2025-10-03 | HIGH | 8.2 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel allows SQL Injection. This… |
| CVE-2025-11223 | 2025-10-03 | HIGH | 7.8 | Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory. |
| CVE-2025-61671 | 2025-10-03 | N/A | 0.0 | Rejected reason: Further research determined the issue is not an open source vulnerability. |
| CVE-2025-61599 | 2025-10-03 | N/A | 0.0 | Emlog is an open source website building system. A stored Cross-Site Scripting (XSS) vulnerability exists in the "Twitter" feature of EMLOG Pro 2.5.21 and below. An authenticated user with… |
| CVE-2025-61597 | 2025-10-03 | HIGH | 7.6 | Emlog is an open source website building system. In versions 2.5.21 and below, an HTML template injection allows stored cross‑site scripting (XSS) via the mail template settings. Once… |
| CVE-2025-61589 | 2025-10-03 | MEDIUM | 5.9 | Cursor is a code editor built for programming with AI. In versions 1.6 and below, Mermaid (a to render diagrams) allows embedding images which then get rendered by… |
| CVE-2025-59536 | 2025-10-03 | N/A | 0.0 | Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could… |