Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 6,103 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2026-39484 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.	4.7	MEDIUM	—	4/8/2026
CVE-2026-39486 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download ...	7.6	HIGH	—	4/8/2026
CVE-2026-39487 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a ...	7.6	HIGH	—	4/8/2026
CVE-2026-39488 Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.	6.3	MEDIUM	—	4/8/2026
CVE-2026-39495 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This...	8.5	HIGH	—	4/8/2026
CVE-2026-39496 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a throug...	7.6	HIGH	—	4/8/2026
CVE-2026-39497 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: fr...	7.6	HIGH	—	4/8/2026
CVE-2026-39500 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This ...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39501 Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FOX: from n/a through <= ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39504 Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a thro...	5.4	MEDIUM	—	4/8/2026
CVE-2026-39505 Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects S...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39506 Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a thr...	4.3	MEDIUM	—	4/8/2026
CVE-2026-39508 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allow...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39510 Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Se...	2.7	LOW	—	4/8/2026
CVE-2026-39516 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue a...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39517 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Filter blog-filter allows DOM-Based XSS.This issue affects Blog Filter: from n/a th...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39521 Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through <= 4.3.1.	4.9	MEDIUM	—	4/8/2026
CVE-2026-39526 Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n...	5.4	MEDIUM	—	4/8/2026
CVE-2026-39536 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Management rsvp allows Retrieve Embedded Sensitive Data.This issue affects RSVP and ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39538 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Mikado Core mikado-core allows PHP Local File Inclusion.This issu...	7.5	HIGH	—	4/8/2026
CVE-2026-39541 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a ...	5.9	MEDIUM	—	4/8/2026
CVE-2026-39542 Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder fo...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39544 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affect...	7.5	HIGH	—	4/8/2026
CVE-2026-39561 Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39562 Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client In...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39563 Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a thr...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39564 Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo C...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39565 Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpTravelly: from n/a th...	4.3	MEDIUM	—	4/8/2026
CVE-2026-39566 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects Direc...	4.0	MEDIUM	—	4/8/2026
CVE-2026-39569 Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeti...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39570 Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting L...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39571 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39572 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retr...	4.0	MEDIUM	—	4/8/2026
CVE-2026-39575 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Custom Query Blocks post-type-archive-mapping allows DOM-Based XSS.This issue affec...	6.5	MEDIUM	—	4/8/2026
CVE-2026-39585 Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39586 Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a throug...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39588 Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39592 Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/...	4.3	MEDIUM	—	4/8/2026
CVE-2026-39603 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery.This issue affects Grand Photography: from n/a through <= 5.7.8.	5.4	MEDIUM	—	4/8/2026
CVE-2026-39605 Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39606 Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BizReview: from n/a through <= 1.5.13...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39607 Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter Plus: from n/a through <= 1.1.17...	5.4	MEDIUM	—	4/8/2026
CVE-2026-39608 Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iPOSpays Gateways W...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39609 Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0....	5.3	MEDIUM	—	4/8/2026
CVE-2026-39610 Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through <= ...	5.3	MEDIUM	—	4/8/2026
CVE-2026-39611 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes KuteShop kuteshop allows PHP Local File Inclusion.This issue affects...	7.5	HIGH	—	4/8/2026
CVE-2026-39612 Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9.	5.3	MEDIUM	—	4/8/2026
CVE-2026-39613 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue af...	7.5	HIGH	—	4/8/2026
CVE-2026-39614 Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordP...	5.4	MEDIUM	—	4/8/2026
CVE-2026-39616 Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ...	5.3	MEDIUM	—	4/8/2026

Pagina 29 de 123

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.