Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 332,852 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2026-39692 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a ...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39691 Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Securi...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39690 Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars Li...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39689 Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n...	N/A	NONE	—	4/8/2026
CVE-2026-39688 Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39687 Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapi...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39686 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF...	N/A	NONE	—	4/8/2026
CVE-2026-39685 Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a throug...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39684 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue affe...	7.5	HIGH	—	4/8/2026
CVE-2026-39683 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Gard...	5.9	MEDIUM	—	4/8/2026
CVE-2026-39682 Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: fro...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39681 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo:...	7.5	HIGH	—	4/8/2026
CVE-2026-39680 Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet C...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39679 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Free...	7.5	HIGH	—	4/8/2026
CVE-2026-39678 Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking Sys...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39677 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Emphires emphires allows PHP Local File Inclusion.This issue a...	7.5	HIGH	—	4/8/2026
CVE-2026-39676 Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39675 Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39674 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affect...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39673 Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39672 Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39671 Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees ...	7.1	HIGH	—	4/8/2026
CVE-2026-39670 Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.	6.0	MEDIUM	—	4/8/2026
CVE-2026-39669 Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39668 Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39667 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a thr...	5.9	MEDIUM	—	4/8/2026
CVE-2026-39666 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39665 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Friend...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39664 Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39663 Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: f...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39662 Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security L...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39660 Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a thro...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39659 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	N/A	NONE	—	4/8/2026
CVE-2026-39658 Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panda...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39657 Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n/...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39656 Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommerc...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39654 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affects...	N/A	NONE	—	4/8/2026
CVE-2026-39653 Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This iss...	4.3	MEDIUM	—	4/8/2026
CVE-2026-39652 Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: from...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39651 Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a th...	6.3	MEDIUM	—	4/8/2026
CVE-2026-39650 Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: f...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39649 Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.2...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39648 Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39647 Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 Au...	5.4	MEDIUM	—	4/8/2026
CVE-2026-39646 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through ...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39645 Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooComme...	5.4	MEDIUM	—	4/8/2026
CVE-2026-39644 Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39643 Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This is...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39641 Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4.	6.5	MEDIUM	—	4/8/2026
CVE-2026-39640 Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2.	9.6	CRITICAL	—	4/8/2026

Pagina 69 de 6658

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.