Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-68072
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through
CVE-2025-68059
2026-01-22
N/A
0.0
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through
CVE-2025-68058
2026-01-22
N/A
0.0
Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through
CVE-2025-68057
2026-01-22
N/A
0.0
Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through
CVE-2025-68047
2026-01-22
N/A
0.0
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through
CVE-2025-68046
2026-01-22
N/A
0.0
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects…
CVE-2025-68041
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codisto Omnichannel for WooCommerce codistoconnect allows Stored XSS.This issue affects Omnichannel for WooCommerce: from n/a through
CVE-2025-68039
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through
CVE-2025-68035
2026-01-22
N/A
0.0
Insertion of Sensitive Information Into Sent Data vulnerability in tabbyai Tabby Checkout tabby-checkout allows Retrieve Embedded Sensitive Data.This issue affects Tabby Checkout: from n/a through
CVE-2025-68034
2026-01-22
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach® WP: from n/a through
CVE-2025-68030
2026-01-22
N/A
0.0
Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis Blocks frontis-blocks allows Server Side Request Forgery.This issue affects Frontis Blocks: from n/a through
CVE-2025-68027
2026-01-22
N/A
0.0
Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through
CVE-2025-68020
2026-01-22
N/A
0.0
Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through
CVE-2025-68019
2026-01-22
N/A
0.0
Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through
CVE-2025-68018
2026-01-22
N/A
0.0
Missing Authorization vulnerability in ilmosys Order Listener for WooCommerce woc-order-alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Listener for WooCommerce: from n/a through
CVE-2025-68017
2026-01-22
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator:…
CVE-2025-68016
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For WooCommerce:…
CVE-2025-68015
2026-01-22
N/A
0.0
Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from…
CVE-2025-68013
2026-01-22
N/A
0.0
Missing Authorization vulnerability in cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway Authorize.Net CIM for WooCommerce:…
CVE-2025-68012
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS.This issue affects CodeColorer: from n/a through
CVE-2025-68011
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS.This issue affects GLS Shipping for WooCommerce: from…
CVE-2025-68010
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in netgsm Netgsm netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through
CVE-2025-68009
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through
CVE-2025-68008
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through
CVE-2025-68007
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through
CVE-2025-68006
2026-01-22
N/A
0.0
Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through
CVE-2025-68004
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kapil Chugh My Post Order my-posts-order allows Reflected XSS.This issue affects My Post Order: from n/a…
CVE-2025-68003
2026-01-22
N/A
0.0
Missing Authorization vulnerability in renatoatshown Shown Connector shown-connector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shown Connector: from n/a through
CVE-2025-68001
2026-01-22
N/A
0.0
Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a…
CVE-2025-67968
2026-01-22
N/A
0.0
Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through
CVE-2025-67967
2026-01-22
N/A
0.0
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through
CVE-2025-67966
2026-01-22
N/A
0.0
Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through
CVE-2025-67964
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through
CVE-2025-67963
2026-01-22
N/A
0.0
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through
CVE-2025-67961
2026-01-22
N/A
0.0
Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through
CVE-2025-67960
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through
CVE-2025-67959
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS.This issue affects WorkScout: from n/a through
CVE-2025-67958
2026-01-22
N/A
0.0
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through
CVE-2025-67957
2026-01-22
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue affects Listivo…
CVE-2025-67956
2026-01-22
N/A
0.0
Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through
CVE-2025-67955
2026-01-22
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue affects MyHome…
CVE-2025-67954
2026-01-22
N/A
0.0
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system:…
CVE-2025-67953
2026-01-22
N/A
0.0
Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through
CVE-2025-67952
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through < 5.6.2.
CVE-2025-67949
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 94.3.6.
CVE-2025-67947
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through
CVE-2025-67946
2026-01-22
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from…
CVE-2025-67945
2026-01-22
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce…
CVE-2025-67944
2026-01-22
N/A
0.0
Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through
CVE-2025-67943
2026-01-22
N/A
0.0
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through
« Anterior
Página 65 de 3922
Siguiente »
Page load link
Go to Top
