Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-14085 2025-12-05 MEDIUM 6.3 A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control…
CVE-2025-12189 2025-12-05 MEDIUM 4.3 The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in…
CVE-2025-6966 2025-12-05 N/A 0.0 NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file…
CVE-2025-13620 2025-12-05 MEDIUM 5.3 The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 3.1.3. This is due to the…
CVE-2025-13739 2025-12-05 MEDIUM 6.4 The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `cryptx` shortcode in all versions up to, and including, 4.0.4 due to insufficient input…
CVE-2025-13682 2025-12-05 MEDIUM 4.4 The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization…
CVE-2025-13678 2025-12-05 MEDIUM 6.4 The Thai Lottery Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `thailottery` shortcode in all versions up to, and including, 2.5. This is due…
CVE-2025-13614 2025-12-05 HIGH 8.1 The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to…
CVE-2025-12879 2025-12-05 HIGH 8.8 The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation…
CVE-2025-12876 2025-12-05 MEDIUM 5.3 The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_delete_file AJAX action in…
CVE-2025-12851 2025-12-05 HIGH 8.1 The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.32 via the 'controller' parameter. This makes it…
CVE-2025-13684 2025-12-05 MEDIUM 4.3 The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark_rp_options_page…
CVE-2025-12130 2025-12-05 MEDIUM 4.3 The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This…
CVE-2025-13515 2025-12-05 MEDIUM 6.1 The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input…
CVE-2025-12850 2025-12-05 HIGH 7.5 The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping…
CVE-2025-12374 2025-12-05 CRITICAL 9.8 The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions…
CVE-2025-12373 2025-12-05 MEDIUM 4.3 The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and…
CVE-2025-12355 2025-12-05 MEDIUM 5.3 The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to,…
CVE-2025-12354 2025-12-05 MEDIUM 4.3 The Live CSS Preview plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_frontend_save' AJAX endpoint in all versions…
CVE-2025-12186 2025-12-05 MEDIUM 4.4 The Weekly Planner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization…
CVE-2025-12093 2025-12-05 MEDIUM 5.3 The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and…
CVE-2025-66270 2025-12-05 MEDIUM 4.7 The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on…
CVE-2025-32901 2025-12-05 MEDIUM 4.3 In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
CVE-2025-32900 2025-12-05 MEDIUM 4.3 In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This…
CVE-2025-13860 2025-12-05 MEDIUM 6.4 The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `h_tags` parameter in all versions up to, and including, 1.0.0 due to…
CVE-2025-13625 2025-12-05 MEDIUM 6.1 The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.9.2 due to insufficient…
CVE-2025-13623 2025-12-05 MEDIUM 6.1 The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization…
CVE-2025-13622 2025-12-05 MEDIUM 6.1 The Jabbernotification plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.99-RC2 due to insufficient input sanitization…
CVE-2025-13621 2025-12-05 MEDIUM 6.1 The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce…
CVE-2025-13528 2025-12-05 MEDIUM 5.3 The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_export' function in all versions…
CVE-2025-13512 2025-12-05 MEDIUM 6.1 The CoSign Single Signon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.3.1 due to insufficient…
CVE-2025-13360 2025-12-05 MEDIUM 4.3 The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce…
CVE-2025-13144 2025-12-05 MEDIUM 4.3 The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation…
CVE-2025-12370 2025-12-05 MEDIUM 4.3 The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that…
CVE-2025-12368 2025-12-05 MEDIUM 6.4 The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `sermon-views` shortcode in all versions up to, and including, 2.30.0. This is due to…
CVE-2025-12191 2025-12-05 MEDIUM 5.4 The PDF Catalog for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdfcatalog' AJAX action in all versions up to, and including, 1.1.18 due…
CVE-2025-12190 2025-12-05 MEDIUM 4.3 The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or…
CVE-2025-12181 2025-12-05 HIGH 8.8 The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including,…
CVE-2025-12165 2025-12-05 MEDIUM 4.3 The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcake_save_config' AJAX endpoint in…
CVE-2025-12163 2025-12-05 MEDIUM 6.4 The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization…
CVE-2025-12154 2025-12-05 HIGH 8.8 The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and…
CVE-2025-12153 2025-12-05 HIGH 8.8 The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including,…
CVE-2025-12133 2025-12-05 MEDIUM 4.3 The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wp_ajax_eprolo_delete_tracking and wp_ajax_eprolo_save_tracking_data AJAX endpoints in all…
CVE-2025-12128 2025-12-05 MEDIUM 4.3 The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due…
CVE-2025-12124 2025-12-05 MEDIUM 4.4 The FitVids for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.1 due to insufficient input…
CVE-2025-10055 2025-12-05 MEDIUM 4.3 The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce…
CVE-2025-32899 2025-12-05 MEDIUM 4.3 In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over…
CVE-2025-32898 2025-12-05 MEDIUM 4.7 The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04…
CVE-2025-13494 2025-12-05 MEDIUM 5.3 The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP…
CVE-2025-13362 2025-12-05 MEDIUM 4.3 The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on…
« Anterior Página 603 de 4286 Siguiente »