Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-58690
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7.
CVE-2025-58689
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tapfiliate Tapfiliate allows Stored XSS. This issue affects Tapfiliate: from n/a through 3.2.2.
CVE-2025-58688
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support allows Stored XSS. This issue affects Casengo Live Chat Support: from n/a through 2.1.4.
CVE-2025-58687
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in WP CMS Ninja Current Age Plugin allows Stored XSS. This issue affects Current Age Plugin: from n/a through 1.6.
CVE-2025-58686
2025-09-22
HIGH
8.5
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce allows SQL Injection. This issue affects Perfect Brands for…
CVE-2025-58685
2025-09-22
MEDIUM
5.3
Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4.
CVE-2025-58684
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Logo Showcase allows Stored XSS. This issue affects Logo Showcase: from n/a through 3.0.9.
CVE-2025-58683
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luke Mlsna Last Updated Shortcode allows Stored XSS. This issue affects Last Updated Shortcode: from n/a…
CVE-2025-58682
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a…
CVE-2025-58681
2025-09-22
MEDIUM
5.3
Missing Authorization vulnerability in Jürgen Müller Easy Quotes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Quotes: from n/a through 1.2.4.
CVE-2025-58680
2025-09-22
MEDIUM
6.5
Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.2.
CVE-2025-58679
2025-09-22
MEDIUM
5.3
Missing Authorization vulnerability in AppMySite AppMySite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AppMySite: from n/a through 3.14.0.
CVE-2025-58678
2025-09-22
MEDIUM
6.5
Missing Authorization vulnerability in PickPlugins Accordion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through 2.3.14.
CVE-2025-58677
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews allows Stored XSS. This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through 2.8.5.
CVE-2025-58676
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in extendyourweb HORIZONTAL SLIDER allows Stored XSS. This issue affects HORIZONTAL SLIDER: from n/a through 2.4.
CVE-2025-58675
2025-09-22
MEDIUM
4.3
Cross-Site Request Forgery (CSRF) vulnerability in tryinteract Interact: Embed A Quiz On Your Site allows Cross Site Request Forgery. This issue affects Interact: Embed A Quiz On Your…
CVE-2025-58673
2025-09-22
MEDIUM
5.4
Improper Control of Generation of Code ('Code Injection') vulnerability in Tareq Hasan WP User Frontend allows Code Injection. This issue affects WP User Frontend: from n/a through 4.1.11.
CVE-2025-58672
2025-09-22
MEDIUM
5.4
Missing Authorization vulnerability in Tareq Hasan WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.1.11.
CVE-2025-58671
2025-09-22
HIGH
7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in morganrichards Auction Feed allows Stored XSS. This issue affects Auction Feed: from n/a through 1.1.3.
CVE-2025-58670
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Shankaranand Maurya WP Content Protection allows Stored XSS. This issue affects WP Content Protection: from n/a through 1.3.
CVE-2025-58669
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modern Minds Magento 2 WordPress Integration allows Stored XSS. This issue affects Magento 2 WordPress Integration:…
CVE-2025-58668
2025-09-22
MEDIUM
4.3
Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS : from n/a through 4.970.
CVE-2025-58667
2025-09-22
MEDIUM
5.4
Missing Authorization vulnerability in CridioStudio ListingPro Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro Reviews: from n/a through 1.6.
CVE-2025-58666
2025-09-22
MEDIUM
4.3
Missing Authorization vulnerability in Kommo Website Chat Button: Kommo integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Website Chat Button: Kommo integration: from n/a…
CVE-2025-58665
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tmontg1 Form Generator for WordPress allows Stored XSS. This issue affects Form Generator for WordPress: from…
CVE-2025-58664
2025-09-22
MEDIUM
4.3
Missing Authorization vulnerability in Azizul Hasan Text To Speech TTS Accessibility allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Text To Speech TTS Accessibility: from…
CVE-2025-58663
2025-09-22
MEDIUM
4.3
Missing Authorization vulnerability in Themeum Qubely allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Qubely: from n/a through 1.8.14.
CVE-2025-58662
2025-09-22
HIGH
7.2
Deserialization of Untrusted Data vulnerability in awesomesupport Awesome Support allows Object Injection. This issue affects Awesome Support: from n/a through 6.3.4.
CVE-2025-58661
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eZee Technosys eZee Online Hotel Booking Engine allows Stored XSS. This issue affects eZee Online Hotel…
CVE-2025-58660
2025-09-22
MEDIUM
5.4
Missing Authorization vulnerability in brandexponents Oshine Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oshine Core: from n/a through 1.5.5.
CVE-2025-58659
2025-09-22
MEDIUM
5.3
Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ allows Retrieve Embedded Sensitive Data. This issue affects Helpie FAQ: from n/a through 1.39.
CVE-2025-58658
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications allows Stored XSS. This issue affects Proof…
CVE-2025-58657
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in EdwardBock Grid allows Stored XSS. This issue affects Grid: from n/a through 2.3.1.
CVE-2025-58656
2025-09-22
MEDIUM
5.3
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a…
CVE-2025-58655
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mattia Roccoberton Category Featured Images allows Stored XSS. This issue affects Category Featured Images: from n/a…
CVE-2025-58654
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language allows DOM-Based XSS. This issue affects xili-language: from n/a through 2.21.3.
CVE-2025-58653
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JS Morisset JSM file_get_contents() Shortcode allows Stored XSS. This issue affects JSM file_get_contents() Shortcode: from n/a…
CVE-2025-58652
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Carousel Ultimate allows Stored XSS. This issue affects Carousel Ultimate: from n/a through 1.8.
CVE-2025-58651
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PlayerJS PlayerJS allows DOM-Based XSS. This issue affects PlayerJS: from n/a through 2.24.
CVE-2025-58650
2025-09-22
MEDIUM
5.4
Missing Authorization vulnerability in Syed Balkhi All In One SEO Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All In One SEO Pack: from…
CVE-2025-58649
2025-09-22
MEDIUM
4.3
Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack allows Retrieve Embedded Sensitive Data. This issue affects All In One SEO…
CVE-2025-58648
2025-09-22
MEDIUM
6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login allows Stored XSS. This issue affects Simple JWT Login: from n/a…
CVE-2025-58647
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will.I.am Simple Restaurant Menu allows Stored XSS. This issue affects Simple Restaurant Menu: from n/a through…
CVE-2025-58646
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chtombleson Mobi2Go allows Stored XSS. This issue affects Mobi2Go: from n/a through 1.0.0.
CVE-2025-58645
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravitate Gravitate Automated Tester allows Stored XSS. This issue affects Gravitate Automated Tester: from n/a through…
CVE-2025-58271
2025-09-22
MEDIUM
5.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AnyClip Video Platform AnyClip Luminous Studio allows Stored XSS. This issue affects AnyClip Luminous Studio: from…
CVE-2025-58270
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Cross Site Request Forgery. This issue affects NIX Anti-Spam Light: from n/a through 0.0.4.
CVE-2025-58269
2025-09-22
MEDIUM
5.3
Use of Hard-coded Credentials vulnerability in weDevs WP Project Manager allows Retrieve Embedded Sensitive Data. This issue affects WP Project Manager: from n/a through 2.6.25.
CVE-2025-58268
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in WPMK WPMK PDF Generator allows Stored XSS. This issue affects WPMK PDF Generator: from n/a through 1.0.1.
CVE-2025-58267
2025-09-22
HIGH
7.1
Cross-Site Request Forgery (CSRF) vulnerability in Aftabul Islam Stock Message allows Stored XSS. This issue affects Stock Message: from n/a through 1.1.0.
« Anterior
Página 807 de 4304
Siguiente »
Page load link
Go to Top
