Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-57928 2025-09-22 MEDIUM 5.3 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds allows Code Injection. This issue affects AWP Classifieds: from n/a…
CVE-2025-57927 2025-09-22 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Dashboard Notepad allows Cross Site Request Forgery. This issue affects Dashboard Notepad: from n/a through 1.42.
CVE-2025-57926 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Passster allows Stored XSS. This issue affects Passster: from n/a through 4.2.18.
CVE-2025-57925 2025-09-22 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart Team allows PHP Local File Inclusion. This issue affects…
CVE-2025-57924 2025-09-22 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Automattic Developer allows Cross Site Request Forgery. This issue affects Developer: from n/a through 1.2.6.
CVE-2025-57923 2025-09-22 MEDIUM 5.3 Insertion of Sensitive Information Into Sent Data vulnerability in Ideal Postcodes UK Address Postcode Validation allows Retrieve Embedded Sensitive Data. This issue affects UK Address Postcode Validation: from…
CVE-2025-57922 2025-09-22 MEDIUM 5.3 Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Envíos Coordinadora Woocommerce: from n/a…
CVE-2025-57921 2025-09-22 MEDIUM 5.3 Missing Authorization vulnerability in N-Media Frontend File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through 23.2.
CVE-2025-57920 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CK MacLeod Category Featured Images Extended allows Stored XSS. This issue affects Category Featured Images Extended:…
CVE-2025-57919 2025-09-22 HIGH 7.2 Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress – ConveyThis: from…
CVE-2025-57918 2025-09-22 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude allows Stored XSS. This issue affects LinkedInclude: from n/a through 3.0.4.
CVE-2025-57917 2025-09-22 MEDIUM 4.3 Missing Authorization vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printcart Web to Print…
CVE-2025-57916 2025-09-22 MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information allows Retrieve Embedded Sensitive Data. This issue affects WP System Information:…
CVE-2025-57915 2025-09-22 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in César Martín TOCHAT.BE allows Cross Site Request Forgery. This issue affects TOCHAT.BE: from n/a through 1.3.4.
CVE-2025-57914 2025-09-22 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Cross Site Request Forgery. This issue affects Deliver via Shipos for WooCommerce: from n/a…
CVE-2025-57913 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eleopard Behance Portfolio Manager allows Stored XSS. This issue affects Behance Portfolio Manager: from n/a through…
CVE-2025-57912 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dialogity Dialogity Free Live Chat allows Stored XSS. This issue affects Dialogity Free Live Chat: from…
CVE-2025-57911 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Adverts allows DOM-Based XSS. This issue affects Adverts: from n/a through 1.4.
CVE-2025-57910 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from…
CVE-2025-57909 2025-09-22 MEDIUM 6.5 Missing Authorization vulnerability in Rouergue Création Editor Custom Color Palette allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Editor Custom Color Palette: from n/a through…
CVE-2025-57908 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for…
CVE-2025-57907 2025-09-22 MEDIUM 5.3 Missing Authorization vulnerability in Heureka Group Heureka allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Heureka: from n/a through 1.1.0.
CVE-2025-57906 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through…
CVE-2025-57905 2025-09-22 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce allows Cross Site Request Forgery. This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through 1.1.3.
CVE-2025-57904 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce allows Stored XSS. This issue affects Sales Count Manager for…
CVE-2025-57903 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSuperiors Developer WooCommerce Additional Fees On Checkout (Free) allows Stored XSS. This issue affects WooCommerce Additional…
CVE-2025-57902 2025-09-22 MEDIUM 6.5 Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily allows Cross Site Request Forgery. This issue affects RIS…
CVE-2025-57901 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DAEXT Import Markdown allows Stored XSS. This issue affects Import Markdown: from n/a through 1.14.
CVE-2025-57900 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.4.2.
CVE-2025-57899 2025-09-22 MEDIUM 5.3 Missing Authorization vulnerability in AresIT WP Compress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Compress: from n/a through 6.50.54.
CVE-2025-57898 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Vega WP Frontend Admin allows Stored XSS. This issue affects WP Frontend Admin: from n/a…
CVE-2025-57685 2025-09-22 N/A 0.0 The LB-Link routers, including the BL-AC2100_AZ3 V1.0.4, BL-WR4000 v2.5.0, BL-WR9000_AE4 v2.4.9, BL-AC1900_AZ2 v1.0.2, BL-X26_AC8 v1.2.8, and BL-LTE300_DA4 V1.2.3 models, are vulnerable to unauthorized command injection. Attackers can exploit…
CVE-2025-55887 2025-09-22 N/A 0.0 Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper…
CVE-2025-53570 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO allows Stored XSS. This issue affects DELUCKS SEO: from n/a through 2.7.0.
CVE-2025-53469 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Stored XSS. This issue affects BMI Adult &…
CVE-2025-53468 2025-09-22 HIGH 8.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in [email protected] Wp tabber widget allows SQL Injection. This issue affects Wp tabber widget: from…
CVE-2025-53467 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Login-Logout allows Stored XSS. This issue affects Login-Logout: from n/a through 3.8.
CVE-2025-53466 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeSolz Better Find and Replace allows Stored XSS. This issue affects Better Find and Replace: from…
CVE-2025-53465 2025-09-22 HIGH 7.2 Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector allows Object Injection. This issue affects GSheets Connector: from n/a through 1.1.1.
CVE-2025-53464 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ironikus WP Mailto Links allows Stored XSS. This issue affects WP Mailto Links: from n/a through…
CVE-2025-53463 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Mega – Absolute Addons for WPBakery Page Builder allows DOM-Based XSS. This issue…
CVE-2025-53462 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SAPO SAPO Feed allows Stored XSS. This issue affects SAPO Feed: from n/a through 2.4.2.
CVE-2025-53461 2025-09-22 MEDIUM 4.4 Server-Side Request Forgery (SSRF) vulnerability in Binsaifullah Beaf allows Server Side Request Forgery. This issue affects Beaf: from n/a through 1.6.2.
CVE-2025-53460 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi AffiliateWP – External Referral Links allows Stored XSS. This issue affects AffiliateWP – External…
CVE-2025-53459 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ads by WPQuads Ads by WPQuads allows Stored XSS. This issue affects Ads by WPQuads: from…
CVE-2025-53458 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davaxi Goracash allows Stored XSS. This issue affects Goracash: from n/a through 1.1.
CVE-2025-53457 2025-09-22 MEDIUM 4.4 Server-Side Request Forgery (SSRF) vulnerability in activewebsight SEO Backlink Monitor allows Server Side Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0.
CVE-2025-53456 2025-09-22 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in activewebsight SEO Backlink Monitor allows Cross Site Request Forgery. This issue affects SEO Backlink Monitor: from n/a through 1.6.0.
CVE-2025-53455 2025-09-22 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce allows Stored XSS. This issue affects CashBill.pl – Płatności WooCommerce: from…
CVE-2025-53454 2025-09-22 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate WP Mail allows Stored XSS. This issue affects Ultimate WP Mail: from n/a through…
« Anterior Página 433 de 3933 Siguiente »