CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2024-8398 | 2025-05-15 | MEDIUM | 4.3 | The Simple Nav Archives WordPress plugin through 2.1.3 does not have CSRF check in place when updating its settings, which… |
| CVE-2024-8397 | 2025-05-15 | MEDIUM | 5.4 | The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors… |
| CVE-2024-8286 | 2025-05-15 | MEDIUM | 6.5 | The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to… |
| CVE-2024-8284 | 2025-05-15 | MEDIUM | 4.8 | The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-8245 | 2025-05-15 | MEDIUM | 4.3 | The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow… |
| CVE-2024-8031 | 2025-05-15 | MEDIUM | 6.5 | The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes… |
| CVE-2024-7984 | 2025-05-15 | MEDIUM | 4.3 | The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings,… |
| CVE-2024-7769 | 2025-05-15 | MEDIUM | 4.8 | The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-7762 | 2025-05-15 | HIGH | 7.5 | The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to… |
| CVE-2024-7761 | 2025-05-15 | MEDIUM | 6.1 | In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows you… |
| CVE-2024-7759 | 2025-05-15 | MEDIUM | 4.8 | The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-7556 | 2025-05-15 | MEDIUM | 4.8 | The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-6809 | 2025-05-15 | CRITICAL | 9.8 | The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in… |
| CVE-2024-6798 | 2025-05-15 | MEDIUM | 4.8 | The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high… |
| CVE-2024-6667 | 2025-05-15 | MEDIUM | 6.1 | The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it… |
| CVE-2024-6665 | 2025-05-15 | MEDIUM | 4.8 | The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which… |
| CVE-2024-6584 | 2025-05-15 | CRITICAL | 9.1 | The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs. |
| CVE-2023-6786 | 2025-05-15 | MEDIUM | 6.1 | The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to… |
| CVE-2023-7088 | 2025-05-15 | MEDIUM | 5.4 | The Add SVG Support for Media Uploader \| inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which… |
| CVE-2023-7086 | 2025-05-15 | MEDIUM | 5.4 | The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a… |
| CVE-2024-9305 | 2024-10-16 | HIGH | 8.1 | The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions… |
| CVE-2024-57776 | 2025-01-16 | MEDIUM | 4.6 | A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts… |
| CVE-2024-57774 | 2025-01-16 | MEDIUM | 4.8 | A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts… |
| CVE-2024-57773 | 2025-01-16 | MEDIUM | 4.8 | A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts… |
| CVE-2024-57771 | 2025-01-16 | MEDIUM | 4.8 | A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts… |
| CVE-2024-57772 | 2025-01-16 | MEDIUM | 4.8 | A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts… |
| CVE-2024-12587 | 2025-01-11 | MEDIUM | 6.1 | The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-12715 | 2025-01-09 | MEDIUM | 6.1 | The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-12714 | 2025-01-09 | MEDIUM | 6.1 | The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in… |
| CVE-2024-10568 | 2024-12-12 | MEDIUM | 4.7 | The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-10518 | 2024-12-12 | MEDIUM | 4.8 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does… |
| CVE-2024-10517 | 2024-12-12 | MEDIUM | 4.8 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does… |
| CVE-2024-10499 | 2024-12-12 | HIGH | 7.2 | The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API… |
| CVE-2024-11972 | 2024-12-31 | CRITICAL | 9.8 | The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install… |
| CVE-2024-11842 | 2024-12-27 | MEDIUM | 4.3 | The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating… |
| CVE-2024-11841 | 2024-12-16 | MEDIUM | 5.4 | The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting… |
| CVE-2024-48074 | 2024-10-28 | HIGH | 8.0 | An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command… |
| CVE-2024-8983 | 2024-10-08 | MEDIUM | 4.8 | Custom Twitter Feeds WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject… |
| CVE-2024-7313 | 2024-08-26 | MEDIUM | 6.1 | The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the… |
| CVE-2024-6879 | 2024-08-26 | MEDIUM | 4.7 | The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying… |
| CVE-2024-6715 | 2024-08-23 | MEDIUM | 6.1 | The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39 |
| CVE-2024-3282 | 2024-08-23 | MEDIUM | 4.8 | The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could… |
| CVE-2024-45404 | 2024-12-12 | HIGH | 8.1 | OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of… |
| CVE-2024-11107 | 2024-12-10 | MEDIUM | 6.1 | The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page,… |
| CVE-2024-10708 | 2024-12-10 | MEDIUM | 4.9 | The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high… |
| CVE-2022-38946 | 2024-12-09 | CRITICAL | 9.8 | Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. |
| CVE-2022-38947 | 2024-12-09 | CRITICAL | 9.8 | SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code. |
| CVE-2024-10480 | 2024-12-06 | MEDIUM | 4.3 | The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could… |
| CVE-2024-10893 | 2024-12-03 | MEDIUM | 4.8 | The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow… |
| CVE-2024-9934 | 2024-11-06 | MEDIUM | 6.1 | The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page,… |