Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-14625 2026-01-07 MEDIUM 6.7 Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules)…
CVE-2025-14614 2026-01-07 MEDIUM 6.7 Insecure Temporary File vulnerability in Altera Quartus Prime Standard  Installer (SFX) on Windows, Altera Quartus Prime Lite  Installer (SFX) on Windows allows Explore for Predictable Temporary File Names.This…
CVE-2025-14468 2026-01-07 MEDIUM 4.3 The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to…
CVE-2025-14465 2026-01-07 MEDIUM 4.3 The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect…
CVE-2025-14460 2026-01-07 MEDIUM 5.3 The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to…
CVE-2025-14453 2026-01-07 MEDIUM 6.4 The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style_css' shortcode attribute in all versions up to, and including, 1.0.4 due to…
CVE-2025-14370 2026-01-07 MEDIUM 5.3 The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the…
CVE-2025-14352 2026-01-07 MEDIUM 5.3 The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to,…
CVE-2025-14147 2026-01-07 MEDIUM 6.4 The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all versions up to, and…
CVE-2025-14145 2026-01-07 MEDIUM 6.4 The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nh_row shortcode in all versions…
CVE-2025-14144 2026-01-07 MEDIUM 6.4 The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'start' parameter of the ms_youtube_embeds shortcode in all versions up to, and including, 2.0…
CVE-2025-14131 2026-01-07 MEDIUM 6.1 The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.2.5 due to insufficient…
CVE-2025-14130 2026-01-07 MEDIUM 6.1 The Post Like Dislike plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.0 due to insufficient…
CVE-2025-14128 2026-01-07 MEDIUM 6.1 The Stumble! for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.1.1 due to insufficient…
CVE-2025-14127 2026-01-07 MEDIUM 6.1 The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 0.2.1 due to insufficient input…
CVE-2025-14122 2026-01-07 MEDIUM 6.4 The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliding_faq' shortcode in all versions up to, and including, 2.4 due to insufficient…
CVE-2025-14121 2026-01-07 MEDIUM 6.4 The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edd_download_info_link' shortcode in all versions up to, and including, 1.1 due to insufficient…
CVE-2025-14118 2026-01-07 MEDIUM 6.1 The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF variable in all versions up to, and including, 1.4.2 due to insufficient input…
CVE-2025-14114 2026-01-07 MEDIUM 6.4 The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient…
CVE-2025-14113 2026-01-07 MEDIUM 6.4 The Viitor Button Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' shortcode attribute in all versions up to, and including, 3.0.0 due to…
CVE-2025-14112 2026-01-07 MEDIUM 6.4 The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up to, and including, 2.2.1 due to insufficient…
CVE-2025-14110 2026-01-07 MEDIUM 6.4 The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.21…
CVE-2025-14109 2026-01-07 MEDIUM 6.4 The AH Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'column' shortcode attribute in all versions up to, and including, 1.0.2 due to insufficient…
CVE-2025-14077 2026-01-07 MEDIUM 4.3 The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation…
CVE-2025-14070 2026-01-07 HIGH 7.5 The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to,…
CVE-2025-14059 2026-01-07 MEDIUM 6.5 The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path…
CVE-2025-14057 2026-01-07 MEDIUM 4.4 The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input…
CVE-2025-14053 2026-01-07 MEDIUM 6.4 The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input…
CVE-2025-14028 2026-01-07 MEDIUM 4.4 The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient…
CVE-2025-13990 2026-01-07 MEDIUM 4.3 The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation…
CVE-2025-13974 2026-01-07 MEDIUM 4.4 The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to…
CVE-2025-13887 2026-01-07 MEDIUM 6.4 The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in the `ai_botkit_widget` shortcode…
CVE-2025-13849 2026-01-07 MEDIUM 6.4 The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including, 1.0 due to insufficient…
CVE-2025-13848 2026-01-07 MEDIUM 6.4 The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'composicion' parameter in all versions up to, and including, 0.9 due to insufficient…
CVE-2025-13847 2026-01-07 MEDIUM 6.4 The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization…
CVE-2025-13841 2026-01-07 MEDIUM 6.4 The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-store-download' shortcode in all versions up to,…
CVE-2025-13801 2026-01-07 HIGH 7.5 The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for…
CVE-2025-13722 2026-01-07 MEDIUM 5.3 The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including,…
CVE-2025-13694 2026-01-07 MEDIUM 5.3 The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied…
CVE-2025-13667 2026-01-07 MEDIUM 6.4 The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due…
CVE-2025-13657 2026-01-07 MEDIUM 4.3 The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect…
CVE-2025-13531 2026-01-07 MEDIUM 6.4 The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'product_name' parameter in all versions up to, and including, 1.0 due to…
CVE-2025-13529 2026-01-07 MEDIUM 5.3 The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and…
CVE-2025-13527 2026-01-07 MEDIUM 4.3 The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the…
CVE-2025-13521 2026-01-07 MEDIUM 4.3 The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect…
CVE-2025-13520 2026-01-07 MEDIUM 4.3 The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce…
CVE-2025-13519 2026-01-07 MEDIUM 6.1 The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect…
CVE-2025-13497 2026-01-07 MEDIUM 6.4 The Recras WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'recrasname' shortcode attribute in all versions up to, and including, 6.4.1. This is due…
CVE-2025-13496 2026-01-07 MEDIUM 5.3 The Moosend Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the moosend_landings_auth_get function in all versions up…
CVE-2025-13493 2026-01-07 HIGH 7.5 The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization…
« Anterior Página 461 de 4268 Siguiente »