CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-51472 Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | 9.8 | CRITICAL | - | 0 |
| CVE-2023-51477 Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyBoss Theme: from n/a through 2.4.60. | 9.8 | CRITICAL | - | 0 |
| CVE-2010-1573 Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitra... | 9.8 | CRITICAL | - | 0 |
| CVE-2023-51425 Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation. This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-32444 Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through <= 4.3.6. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-49417 Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action Woo-product-multiaction allows Object Injection. This issue affects WooCommerce Product Multi-Action:... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-7493 The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_u... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-6220 The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-35490 changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. I... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-23970 Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through <= 6.1. | 9.8 | CRITICAL | - | 0 |
| CVE-2026-33816 Memory-safety vulnerability in github.com/jackc/pgx/v5. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-36057 Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-9967 The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.7. This is due to the plugin not properly valid... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-49422 Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation. This issue affects Support Ticket: from n/a through <= 1.9. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-49890 Deserialization of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection. This issue affects Organic Beauty: from n/a through <= 1.4.6. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-13329 The File Uploader for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the callback function for the 'add-image-data' REST API endpoint i... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-52836 Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through <= 2.... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-32658 Deserialization of Untrusted Data vulnerability in wpWax HelpGent helpgent allows Object Injection. This issue affects HelpGent: from n/a through <= 2.2.5. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-53299 Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer tmm_content_composer allows Object Injection. This issue affects ThemeMakers Visual Content Composer: ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-10850 The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' func... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-32648 Incorrect Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation. This issue affects Projectopia: from n/a through <= 5.1.24. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-8485 The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validatio... | 9.8 | CRITICAL | - | 0 |
| CVE-2019-25568 Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwri... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-53580 Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: f... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-8353 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-54014 Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a th... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-8570 The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 t... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-31271 megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthen... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-12673 The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() function in all versions up to, and including, 1.2.7... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-12374 The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, ... | 9.8 | CRITICAL | - | 0 |
| CVE-2017-20227 JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boun... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-13313 The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication che... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-54713 Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Authentication Abuse. This issue affects T... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-32926 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal. This issue affects Grand Restaurant: f... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-39324 Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryp... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-9114 The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-27007 Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through <= 1.0.82. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-47581 Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection. This issue affects WordPress Events Calendar Registrat... | 9.8 | CRITICAL | - | 0 |
| CVE-2019-25614 Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized paylo... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-9113 The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-5821 The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-30973 Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection. This issue affects CoSchool LMS: from n/a through <= 1.4.3. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-30949 Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection. This issue affects Site Chat on Telegram: from n/a through <= 1.0.4. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-32486 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard. This issue affects Material Dashboard: from n/a through <= 1.4.6. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-12813 The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitizatio... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-9863 The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for t... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-8898 The Taxi Booking Manager for Woocommerce \| E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-39406 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS apartment-management allows PHP Local File Inclusion. This issue ... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-49401 Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation. This issue affects smart SEO: from n/a through <= 4.0. | 9.8 | CRITICAL | - | 0 |
| CVE-2025-49388 Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7. | 9.8 | CRITICAL | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.