CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-1191 2026-01-24 MEDIUM 4.4 The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient…
CVE-2026-1189 2026-01-24 MEDIUM 6.4 The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_id' parameter of the 'leadbi_form' shortcode in all versions up to, and…
CVE-2026-1127 2026-01-24 MEDIUM 6.1 The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `id` parameter in all versions up to, and including, 3.2 due to insufficient…
CVE-2026-1098 2026-01-24 MEDIUM 6.4 The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' shortcode attribute in all versions up to, and including, 1.2.1 due to…
CVE-2026-0800 2026-01-24 HIGH 7.2 The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in…
CVE-2026-0687 2026-01-24 MEDIUM 4.3 The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mb_gallery' custom post type in all versions…
CVE-2026-0633 2026-01-24 LOW 3.7 The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including,…
CVE-2025-15516 2026-01-24 MEDIUM 4.3 The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta() function in versions 4.1.0 to…
CVE-2025-14907 2026-01-24 MEDIUM 4.3 The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification…
CVE-2025-14630 2026-01-24 MEDIUM 4.3 The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation…
CVE-2025-13205 2026-01-24 MEDIUM 4.3 The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in…
CVE-2025-13194 2026-01-24 MEDIUM 4.3 The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in…
CVE-2025-13139 2026-01-24 MEDIUM 4.3 The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due…
CVE-2026-1257 2026-01-24 HIGH 7.5 The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode.…
CVE-2026-1103 2026-01-24 MEDIUM 5.4 The AIKTP plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization checks on the /aiktp/getToken REST API endpoint in all versions up to,…
CVE-2026-1099 2026-01-24 MEDIUM 6.4 The Administrative Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'login' and 'logout' shortcode attributes in all versions up to, and including, 0.3.4 due…
CVE-2026-1097 2026-01-24 MEDIUM 6.4 The ThemeRuby Multi Authors – Assign Multiple Writers to Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after' shortcode attributes in all…
CVE-2026-1095 2026-01-24 MEDIUM 6.4 The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fx' shortcode attribute in all versions up to, and including, 1.0 due to insufficient…
CVE-2026-1088 2026-01-24 MEDIUM 4.3 The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation…
CVE-2026-1084 2026-01-24 MEDIUM 4.4 The Cookie consent for developers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple settings fields in all versions up to, and including, 1.7.1 due to…
CVE-2026-1081 2026-01-24 MEDIUM 4.3 The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce…
CVE-2026-1076 2026-01-24 MEDIUM 4.3 The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation…
CVE-2026-1075 2026-01-24 MEDIUM 4.3 The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on…
CVE-2026-1070 2026-01-24 MEDIUM 4.3 The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation…
CVE-2026-0807 2026-01-24 HIGH 7.2 The Frontis Blocks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.6. This is due to insufficient restriction on the…
CVE-2026-0806 2026-01-24 MEDIUM 4.9 The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the…
CVE-2025-14985 2026-01-24 MEDIUM 6.4 The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alpha_block_css’ parameter in all versions up to, and including, 1.5.0 due to insufficient input…
CVE-2025-14941 2026-01-24 MEDIUM 6.4 The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. This is due to missing…
CVE-2025-14906 2026-01-24 MEDIUM 4.3 The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce…
CVE-2025-14903 2026-01-24 MEDIUM 4.3 The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on…
CVE-2025-14843 2026-01-24 MEDIUM 5.3 The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a…
CVE-2025-14797 2026-01-24 MEDIUM 5.4 The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This…
CVE-2025-14629 2026-01-24 MEDIUM 5.3 The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up…
CVE-2025-14609 2026-01-24 MEDIUM 5.3 The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the…
CVE-2025-13676 2026-01-24 MEDIUM 6.1 The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and…
CVE-2025-13374 2026-01-24 CRITICAL 9.8 The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX action in all versions up…
CVE-2025-12836 2026-01-24 MEDIUM 6.4 The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.20 due…
CVE-2026-24649 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24648 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24647 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24646 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24645 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24644 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24643 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24642 2026-01-24 N/A 0.0 Rejected reason: Not used
CVE-2026-24469 2026-01-24 HIGH 7.5 C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest…
CVE-2026-24422 2026-01-24 MEDIUM 5.3 phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The…
CVE-2026-24420 2026-01-24 MEDIUM 6.5 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomprehensive…
CVE-2025-13952 2026-01-24 N/A 0.0 A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader…
CVE-2026-24421 2026-01-24 MEDIUM 6.5 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions.…