CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-10164 The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including,... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-10532 The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-48035 Unrestricted Upload of File with Dangerous Type vulnerability in takayukii ACF Images Search And Insert acf-images-search-and-insert allows Upload a Web Shell to a Web Server. This issue affects ACF Im... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-49251 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acnoo Maan Addons For Elementor maan-elementor-addons allows Local Code Inclusi... | 7.5 | HIGH | — | 0 |
| CVE-2024-49252 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in VaultDweller Leyka leyka. This issue affects Leyka: from n/a through <= 3.31.6. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-10682 The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-49254 Improper Control of Generation of Code ('Code Injection') vulnerability in sunjianle ajax-extend ajax-extend allows Code Injection. This issue affects ajax-extend: from n/a through <= 1.0. | 10.0 | CRITICAL | — | 0 |
| CVE-2024-10726 The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-49258 Path Traversal: '.../...//' vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery. This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-49260 Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery allows Code Injection. This issue affects WordPress Gallery Plugin –... | 9.9 | CRITICAL | — | 0 |
| CVE-2024-49270 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Smart Blocks smart-blocks allows Stored XSS. This issue affects Smart Blocks: from n/a t... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-11370 The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11455 The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.4 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9111 The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.36 due to insufficient input sanitization and outp... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9851 The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and outp... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-10832 The Posti Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the account_number and secret_key parameters in all versions up to, and including, 3.10.3 due to insufficien... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11466 The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient in... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-10879 The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL i... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11292 The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possib... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-11444 The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-11329 The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versi... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11413 The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11430 The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-12406 The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.2.0 ... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-11755 The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11873 The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11889 The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.1.1 due to insufficien... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12219 The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-9503 The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option',... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-49266 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thimo Grauerholz WP-Spreadplugin wp-spreadplugin allows Cross-Site Scripting (XSS). This issue affe... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-11287 The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.800... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12066 The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and includ... | 8.8 | HIGH | — | 0 |
| CVE-2024-11437 The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter an... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-12402 The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12557 The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on a function. This makes it p... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12590 The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and out... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-49267 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nayon46 Unlimited Addon For Elementor unlimited-addon-for-elementor allows Stored XSS. This issue a... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-11465 The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_... | 7.2 | HIGH | — | 0 |
| CVE-2024-12049 The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient i... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12462 The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yogo-calendar' shortcode in all versions up to, and including, 1.6.2 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-9697 The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_upda... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-11613 The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12496 The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11758 The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and out... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13449 The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. T... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-0861 The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user s... | 4.9 | MEDIUM | — | 0 |
| CVE-2024-11583 The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zip... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-13767 The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. Th... | 8.1 | HIGH | — | 0 |
| CVE-2024-13216 The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function i... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-0366 The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible fo... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.