Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-62613	2025-10-22	N/A	0.0	VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting (XSS)…
CVE-2025-62612	2025-10-22	N/A	0.0	FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF…
CVE-2025-60224	2025-10-22	MEDIUM	6.5	Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through
CVE-2025-60222	2025-10-22	MEDIUM	6.5	Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through
CVE-2025-60221	2025-10-22	MEDIUM	6.5	Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through
CVE-2025-60220	2025-10-22	HIGH	8.2	Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through
CVE-2025-60217	2025-10-22	MEDIUM	5.3	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ypromo PT Luxa Addons pt-luxa-addons allows Path Traversal.This issue affects PT Luxa Addons: from n/a…
CVE-2025-60216	2025-10-22	MEDIUM	5.3	Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through
CVE-2025-60215	2025-10-22	MEDIUM	5.3	Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through
CVE-2025-60211	2025-10-22	MEDIUM	5.3	Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields:…
CVE-2025-60210	2025-10-22	MEDIUM	6.5	Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through
CVE-2025-60209	2025-10-22	HIGH	8.2	Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets:…
CVE-2025-60208	2025-10-22	MEDIUM	5.3	Cross-Site Request Forgery (CSRF) vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages:…
CVE-2025-60206	2025-10-22	HIGH	8.2	Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through
CVE-2025-60176	2025-10-22	MEDIUM	6.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tattersoftware WP Tesseract wp-tesseract allows Stored XSS.This issue affects WP Tesseract: from n/a through
CVE-2025-60168	2025-10-22	MEDIUM	5.3	Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through
CVE-2025-60151	2025-10-22	HIGH	7.5	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through
CVE-2025-60135	2025-10-22	MEDIUM	6.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS.This issue affects WeShare Buttons: from n/a through
CVE-2025-60134	2025-10-22	MEDIUM	5.3	Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Media Categories wp-media-categories allows Cross Site Request Forgery.This issue affects WP Media Categories: from n/a through
CVE-2025-59578	2025-10-22	HIGH	7.5	Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects ShopMagic: from n/a through
CVE-2025-52741	2025-10-22	CRITICAL	9.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barry Kooij Post Connector post-connector allows Reflected XSS.This issue affects Post Connector: from n/a through
CVE-2025-49907	2025-10-22	HIGH	8.2	Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through
CVE-2025-49906	2025-10-22	MEDIUM	5.3	Missing Authorization vulnerability in StellarWP WPComplete wpcomplete allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPComplete: from n/a through
CVE-2025-49903	2025-10-22	MEDIUM	5.3	Missing Authorization vulnerability in bdthemes ZoloBlocks zoloblocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ZoloBlocks: from n/a through
CVE-2025-49901	2025-10-22	MEDIUM	6.5	Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows Authentication Abuse.This issue affects Simple Link Directory: from n/a through < 14.8.1.
CVE-2025-49899	2025-10-22	MEDIUM	5.3	Missing Authorization vulnerability in jjlemstra Whydonate wp-whydonate allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Whydonate: from n/a through
CVE-2025-49380	2025-10-22	MEDIUM	5.3	Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through
CVE-2025-49378	2025-10-22	MEDIUM	6.5	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through
CVE-2025-49377	2025-10-22	HIGH	7.5	Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through
CVE-2025-49376	2025-10-22	HIGH	7.5	Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through
CVE-2025-49374	2025-10-22	MEDIUM	5.3	Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through
CVE-2025-49937	2025-10-22	N/A	0.0	Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from…
CVE-2025-49936	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through < 8.3.2.
CVE-2025-49935	2025-10-22	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from…
CVE-2025-49934	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlocks For Elementor jet-blocks allows Stored XSS.This issue affects JetBlocks For Elementor: from n/a through
CVE-2025-49933	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlog jet-blog allows Reflected XSS.This issue affects JetBlog: from n/a through
CVE-2025-49932	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetBlog jet-blog allows Stored XSS.This issue affects JetBlog: from n/a through
CVE-2025-49931	2025-10-22	N/A	0.0	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrocoBlock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through
CVE-2025-49930	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetSearch jet-search allows Reflected XSS.This issue affects JetSearch: from n/a through
CVE-2025-49929	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ultimate Blocks Ultimate Blocks ultimate-blocks allows Stored XSS.This issue affects Ultimate Blocks: from n/a through
CVE-2025-49928	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows DOM-Based XSS.This issue affects JetWooBuilder: from n/a through
CVE-2025-49927	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrocoBlock JetWooBuilder jet-woo-builder allows Stored XSS.This issue affects JetWooBuilder: from n/a through
CVE-2025-49926	2025-10-22	N/A	0.0	Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through
CVE-2025-49925	2025-10-22	N/A	0.0	Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through
CVE-2025-49924	2025-10-22	N/A	0.0	Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through
CVE-2025-49923	2025-10-22	N/A	0.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS.This issue affects Seriously Simple Podcasting: from n/a…
CVE-2025-49922	2025-10-22	N/A	0.0	Missing Authorization vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPeMatico RSS Feed Fetcher: from n/a through
CVE-2025-49921	2025-10-22	N/A	0.0	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CrocoBlock JetReviews jet-reviews allows PHP Local File Inclusion.This issue affects JetReviews: from…
CVE-2025-49920	2025-10-22	N/A	0.0	Missing Authorization vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Web Accessibility By accessiBe: from n/a through
CVE-2025-49917	2025-10-22	N/A	0.0	Server-Side Request Forgery (SSRF) vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Server Side Request Forgery.This issue affects Icegram Express Pro: from n/a through

« Anterior Página 720 de 4303 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte