Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-4279 The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4280 The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwp_ajax_form AJAX endpoint lacking both authorization c... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-4353 The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the `cihub_metadata` shortcode in all versions up to, and including, 1.2.106 due to ins... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5748 The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ts` shortcode in all versions up to, and including, 0.0.1 due to insufficient input sanitization a... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5767 The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 due to insufficient input ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5820 The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 1.0.6. This is due to the front-end TOC rende... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-6041 The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_comments_avatar_image) setting in all versions up to, and including, 0.9.4. This ... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-6235 The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugi... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6246 The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'container_right_width' attribute of the 'simple_random_posts' shortcode in all versions up ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-6294 The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() func... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6396 The Fast & Fancy Filter β 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields() funct... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1395 The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider block's block_id attribute in all versions up to, and including, 1.1.3. This is due to insufficient... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1913 The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login_link shortcode in all versions up to, and including, 2.6.4 due to insufficient inp... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1930 The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and includ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58922 Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-3673 An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpo... | N/A | NONE | β | 0 |
| CVE-2025-15551 The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check.Β A... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-3407 A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes he... | 3.3 | LOW | β | 0 |
| CVE-2026-3409 A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component ... | 7.3 | HIGH | β | 0 |
| CVE-2026-3132 The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is du... | 8.8 | HIGH | β | 0 |
| CVE-2026-3180 The Contest Gallery β Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the βcgLostPasswordEmailβ and the βcgl_mailβ parameter in all... | 7.5 | HIGH | β | 0 |
| CVE-2026-2583 The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1336 The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and get... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1566 The LatePoint β Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is d... | 8.8 | HIGH | β | 0 |
| CVE-2026-1487 The LatePoint β Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insuffici... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2269 The Uncanny Automator β Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3... | 7.2 | HIGH | β | 0 |
| CVE-2026-2448 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for au... | 8.8 | HIGH | β | 0 |
| CVE-2026-2628 The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthe... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1492 The User Registration & Membership β Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12345 A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent... | 8.8 | HIGH | β | 0 |
| CVE-2026-3465 A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the ar... | 3.1 | LOW | β | 0 |
| CVE-2026-1273 The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites β PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.8 via the `/ultp/v... | 7.2 | HIGH | β | 0 |
| CVE-2026-1651 The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1945 The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_email' parameters in all versions up to, and including, 1.0.8 due to insufficient i... | 7.2 | HIGH | β | 0 |
| CVE-2026-1980 The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including, 1.0.8. This ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-2289 The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and output escap... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-2292 The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and outpu... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-2363 The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcode in all versions up to, and including, 3... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2732 The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versi... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-7337 The JS Help Desk β AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix... | 7.5 | HIGH | β | 0 |
| CVE-2026-1706 The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitizat... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-1674 The Gutena Forms β Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2355 The My Calendar β Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up t... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3056 The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all ve... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2365 The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all versions up to, and including, 6.1.17. This is due to... | 7.2 | HIGH | β | 0 |
| CVE-2026-2899 The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the `deleteFile()` method in the `Uploader` cl... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3034 The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions up... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3523 The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type vali... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-53335 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Berge... | 8.1 | HIGH | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.