Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 16,999 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2026-4073 The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' shortcode in all versions up to, and including, 1.0.5. This is due to insufficient input sanitization and...	6.4	MEDIUM	—	4/8/2026
CVE-2026-4025 The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the [pc-login-form] shortcode in all versions up to, and including, 1.2...	6.4	MEDIUM	—	4/8/2026
CVE-2026-39716 Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39715 Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39714 Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through <= 6....	5.3	MEDIUM	—	4/8/2026
CVE-2026-39713 Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly C...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39712 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a thr...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39711 Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 \| Extensions: ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39710 Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 \| Extensions: from n/a through <= 2....	5.4	MEDIUM	—	4/8/2026
CVE-2026-39709 Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39708 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elements uicore-elements allows Stored XSS.This issue affects UiCore Elements: from ...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39707 Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-extension allows Exploiting Incorrectly Configured Access Control Security Levels.Th...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39706 Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Make My Trivia: from n/a through...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39705 Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MIPL WC Mult...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39704 Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Co...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39703 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS.This...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39702 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This ...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39701 Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through <= 5.2.4.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39700 Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WowOptin: from n/a through <= 1.4.32.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39699 Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Wor...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39698 Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Th...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39697 Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issu...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39696 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects ...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39695 Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery.This issue affects Podigee: from n/a through <= 1.4.0.	5.4	MEDIUM	—	4/8/2026
CVE-2026-39694 Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sim...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39693 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom Featured Image Caption fsm-custom-featured-image-caption allows DOM-Based XSS.T...	5.9	MEDIUM	—	4/8/2026
CVE-2026-39692 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a ...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39691 Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurrency-donation-box allows Exploiting Incorrectly Configured Access Control Securi...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39690 Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars Li...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39689 Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eShipper Commerce: from n...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39688 Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Frontend Profile...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39687 Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapi...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39686 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39685 Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a throug...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39684 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue affe...	7.5	HIGH	—	4/8/2026
CVE-2026-39683 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Gard...	5.9	MEDIUM	—	4/8/2026
CVE-2026-39682 Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: fro...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39681 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo:...	7.5	HIGH	—	4/8/2026
CVE-2026-39680 Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet C...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39679 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Free...	7.5	HIGH	—	4/8/2026
CVE-2026-39678 Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking Sys...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39677 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Emphires emphires allows PHP Local File Inclusion.This issue a...	7.5	HIGH	—	4/8/2026
CVE-2026-39676 Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39675 Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39674 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affect...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39673 Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.20...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39672 Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39671 Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees ...	7.1	HIGH	—	4/8/2026
CVE-2026-39670 Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.	6.0	MEDIUM	—	4/8/2026
CVE-2026-39669 Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3.	5.3	MEDIUM	—	4/8/2026

Pagina 82 de 340

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.