CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2024-1718 | The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() functio... | 5.3 | MEDIUM | – | 0 |
| CVE-2025-59585 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Recipe penci-recipe allows DOM-Based XSS. This issue affects Penci Recipe: from n... | N/A | NONE | – | 0 |
| CVE-2024-2019 | The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' fu... | 7.5 | HIGH | – | 0 |
| CVE-2024-2382 | The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the a... | 5.3 | MEDIUM | – | 0 |
| CVE-2024-3031 | The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and o... | 4.4 | MEDIUM | – | 0 |
| CVE-2024-3230 | The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficie... | 6.4 | MEDIUM | – | 0 |
| CVE-2024-3555 | The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() f... | 7.2 | HIGH | – | 0 |
| CVE-2024-4462 | The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and outpu... | 4.4 | MEDIUM | – | 0 |
| CVE-2024-4997 | The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it p... | 5.3 | MEDIUM | – | 0 |
| CVE-2024-20886 | Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows an attacker to create an arbitrary directory. | 6.2 | MEDIUM | – | 0 |
| CVE-2024-5485 | The SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all version... | 6.4 | MEDIUM | – | 0 |
| CVE-2023-38520 | External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse. This issue affects Pinpoint Booking System: from n/a through 2.9... | 6.5 | MEDIUM | – | 0 |
| CVE-2023-39161 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Discussion Board Discussion Board allows Content Spoofing, Cross-Site Scripting (XSS). This issue affec... | 5.4 | MEDIUM | – | 0 |
| CVE-2023-40557 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in PickPlugins Tabs & Accordion allows Code Injection. This issue affects Tabs & Accordion: from n/a through ... | 5.4 | MEDIUM | – | 0 |
| CVE-2023-40673 | Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse. This issue affects Cartpauj Register Captcha: from n/a through 1.0.02. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-41134 | Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Antispam Bee: from n/a through 2.11.3... | 5.3 | MEDIUM | – | 0 |
| CVE-2024-5421 | Missing input validation and OS command integration of the input in the utnserver Pro, utnserver ProMAX, INU-100 web-interface allows authenticated command injection. This issue affects utnserver Pro, ... | N/A | NONE | – | 0 |
| CVE-2024-5422 | An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP. This issue affects ... | N/A | NONE | – | 0 |
| CVE-2023-45009 | Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass. This issue affects Captcha/Honeypot ... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-5751 | A local attacker with low privileges can read and modify any user's files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. | 7.8 | HIGH | – | 0 |
| CVE-2024-5000 | An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. | 7.5 | HIGH | – | 0 |
| CVE-2023-45053 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection. This issue ... | 4.3 | MEDIUM | – | 0 |
| CVE-2023-45635 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection. This issue affects Responsive Tabs: from n/a before 4.0.6. | 5.4 | MEDIUM | – | 0 |
| CVE-2023-46630 | Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Admin and Site Enhancements (ASE): f... | 7.5 | HIGH | – | 0 |
| CVE-2023-47513 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection. This issue affects ARI Stream Quiz: from n/a through 1.3.2... | 5.4 | MEDIUM | – | 0 |
| CVE-2023-47769 | Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Maintenance: from n/a through 6.1.3. | 3.7 | LOW | – | 0 |
| CVE-2023-47818 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LWS Hide Login: from n... | 3.7 | LOW | – | 0 |
| CVE-2023-48271 | Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Maspik – Spam blacklist: from n/a ... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-48276 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass. This issue affects WP Forms Puzzle Captcha: from n/a through... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-48285 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection. This issue affects Stripe Payments: from n/a thr... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-48335 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hide login pag... | 3.7 | LOW | – | 0 |
| CVE-2023-48745 | Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through 2.9. | 5.3 | MEDIUM | – | 0 |
| CVE-2023-48753 | Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Restricted Site Access: from n/a throu... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-49741 | Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coming soon and Maintena... | 3.7 | LOW | – | 0 |
| CVE-2023-49748 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs. This iss... | 3.7 | LOW | – | 0 |
| CVE-2023-49774 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs. This issue... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-49822 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ultimat... | 3.7 | LOW | – | 0 |
| CVE-2023-49852 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slic... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-37062 | Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's syste... | 7.8 | HIGH | – | 0 |
| CVE-2024-37063 | A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the bro... | 7.8 | HIGH | – | 0 |
| CVE-2024-37064 | Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's sys... | 7.8 | HIGH | – | 0 |
| CVE-2024-37065 | Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded. | 7.8 | HIGH | – | 0 |
| CVE-2023-51542 | Authentication Bypass by Spoofing vulnerability in WPMU DEV Branda allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Branda: from n/a through 3.4.14. | 5.3 | MEDIUM | – | 0 |
| CVE-2023-52147 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall allows Accessing Functionality Not Properly Constra... | 3.7 | LOW | – | 0 |
| CVE-2023-52176 | Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Malware Scanner: from n/a through 4.7.1... | 5.3 | MEDIUM | – | 0 |
| CVE-2024-25600 | Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6. | 10.0 | CRITICAL | – | 0 |
| CVE-2024-33560 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion. This issue affects XStore: from n/a through 9.3.8. | 9.0 | CRITICAL | – | 0 |
| CVE-2024-33628 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion. This issue affects XforWooCommerce: from n/a through 2.0... | 8.8 | HIGH | – | 0 |
| CVE-2024-34384 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SinaExtra Sina Extension for Elementor allows PHP Local File Inclusion. This issue affects Sina Extension... | 6.5 | MEDIUM | – | 0 |
| CVE-2024-36077 | Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, ... | 8.8 | HIGH | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.