CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-59592 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Acosta Make Column Clickable Elementor allows Stored XSS. This issue affects Make Column Clickable Elementor:… |
| CVE-2025-59591 | 2025-09-22 | MEDIUM | 4.3 | Missing Authorization vulnerability in AdvancedCoding wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpDiscuz: from n/a through 7.6.33. |
| CVE-2025-59590 | 2025-09-22 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a… |
| CVE-2025-59589 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through 8.6.8. |
| CVE-2025-59588 | 2025-09-22 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad allows PHP Local File Inclusion. This issue affects Soledad: from… |
| CVE-2025-59587 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance allows DOM-Based XSS. This issue affects Penci Shortcodes & Performance: from… |
| CVE-2025-59586 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Portfolio allows DOM-Based XSS. This issue affects Penci Portfolio: from n/a through 3.5. |
| CVE-2025-59585 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe allows DOM-Based XSS. This issue affects Penci Recipe: from n/a through 4.0. |
| CVE-2025-59584 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Podcast allows DOM-Based XSS. This issue affects Penci Podcast: from n/a through 1.6. |
| CVE-2025-59583 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Filter Everything allows DOM-Based XSS. This issue affects Penci Filter Everything: from n/a through… |
| CVE-2025-59582 | 2025-09-22 | MEDIUM | 5.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More:… |
| CVE-2025-59581 | 2025-09-22 | MEDIUM | 6.5 | Missing Authorization vulnerability in VW THEMES Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ibtana: from n/a through 1.2.5.3. |
| CVE-2025-59577 | 2025-09-22 | MEDIUM | 4.3 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS allows Leveraging Race Conditions. This issue affects MasterStudy LMS: from n/a through 3.6.20. |
| CVE-2025-59576 | 2025-09-22 | MEDIUM | 6.5 | Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.6.20. |
| CVE-2025-59574 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Travel Engine WP Travel Engine allows Stored XSS. This issue affects WP Travel Engine: from… |
| CVE-2025-59573 | 2025-09-22 | MEDIUM | 5.3 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in CozyThemes Cozy Blocks allows Code Injection. This issue affects Cozy Blocks: from n/a through… |
| CVE-2025-59572 | 2025-09-22 | HIGH | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core allows Cross Site Request Forgery. This issue affects WorkScout-Core: from n/a through n/a. |
| CVE-2025-59570 | 2025-09-22 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through… |
| CVE-2025-59569 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP allows Stored XSS. This issue affects CubeWP: from n/a through 1.1.26. |
| CVE-2025-59568 | 2025-09-22 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow allows Cross Site Request Forgery. This issue affects Zoho Flow: from n/a through 2.14.1. |
| CVE-2025-59567 | 2025-09-22 | MEDIUM | 5.5 | Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.8.0. |
| CVE-2025-59565 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce allows Stored XSS. This issue affects Upsell Order… |
| CVE-2025-59562 | 2025-09-22 | MEDIUM | 5.5 | Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4. |
| CVE-2025-59561 | 2025-09-22 | MEDIUM | 4.3 | Missing Authorization vulnerability in hashthemes Smart Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Blocks: from n/a through 2.4. |
| CVE-2025-59559 | 2025-09-22 | MEDIUM | 4.3 | Missing Authorization vulnerability in payrexx Payrexx Payment Gateway for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payrexx Payment Gateway for WooCommerce: from n/a… |
| CVE-2025-59553 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coderz Studio Custom iFrame for Elementor allows DOM-Based XSS. This issue affects Custom iFrame for Elementor:… |
| CVE-2025-59552 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pdfcrowd Dev Team Save as PDF allows Stored XSS. This issue affects Save as PDF: from… |
| CVE-2025-59551 | 2025-09-22 | MEDIUM | 4.3 | Missing Authorization vulnerability in WP Chill Revive.so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through 2.0.6. |
| CVE-2025-59549 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps GetResponse Forms allows Stored XSS. This issue affects GetResponse Forms: from n/a through 2.6.0. |
| CVE-2025-59430 | 2025-09-22 | HIGH | 8.2 | Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables… |
| CVE-2025-58992 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through… |
| CVE-2025-58974 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5.2. |
| CVE-2025-58973 | 2025-09-22 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Addons allows PHP Local File Inclusion. This issue affects… |
| CVE-2025-58969 | 2025-09-22 | MEDIUM | 5.3 | Missing Authorization vulnerability in Greg Winiarski Custom Login URL allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login URL: from n/a through 1.0.2. |
| CVE-2025-58968 | 2025-09-22 | MEDIUM | 5.0 | Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MaxiBlocks: from n/a through 2.1.3. |
| CVE-2025-58965 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Inc. Fusion Page Builder : Extension – Gallery allows Stored XSS. This issue affects… |
| CVE-2025-58962 | 2025-09-22 | MEDIUM | 6.4 | Server-Side Request Forgery (SSRF) vulnerability in publitio Publitio allows Server Side Request Forgery. This issue affects Publitio: from n/a through 2.2.1. |
| CVE-2025-58960 | 2025-09-22 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through… |
| CVE-2025-58957 | 2025-09-22 | MEDIUM | 4.3 | Missing Authorization vulnerability in Vikas Ratudi VPSUForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VPSUForm: from n/a through 3.2.20. |
| CVE-2025-58956 | 2025-09-22 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System allows Stored XSS. This issue affects WP Attractive Donations System: from n/a through n/a. |
| CVE-2025-58704 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows Stored XSS. This issue affects WP Delete User Accounts:… |
| CVE-2025-58703 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skyword Skyword API Plugin allows Stored XSS. This issue affects Skyword API Plugin: from n/a through… |
| CVE-2025-58702 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebWizards MarketKing allows Stored XSS. This issue affects MarketKing: from n/a through 2.0.92. |
| CVE-2025-58691 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Genesis Club Lite allows Stored XSS. This issue affects Genesis Club Lite: from n/a… |
| CVE-2025-58690 | 2025-09-22 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7. |
| CVE-2025-58689 | 2025-09-22 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tapfiliate Tapfiliate allows Stored XSS. This issue affects Tapfiliate: from n/a through 3.2.2. |
| CVE-2025-58688 | 2025-09-22 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support allows Stored XSS. This issue affects Casengo Live Chat Support: from n/a through 2.1.4. |
| CVE-2025-58687 | 2025-09-22 | HIGH | 7.1 | Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin allows Stored XSS. This issue affects Current Age Plugin: from n/a through 1.6. |
| CVE-2025-58686 | 2025-09-22 | HIGH | 8.5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce allows SQL Injection. This issue affects Perfect Brands for… |
| CVE-2025-58685 | 2025-09-22 | MEDIUM | 5.3 | Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4. |