Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 16,792 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2026-32598 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32597 PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array li...	7.5	HIGH	—	3/13/2026
CVE-2026-32543 Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsiv...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32487 Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page:...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32486 Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a ...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32462 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Mas...	5.9	MEDIUM	—	3/13/2026
CVE-2026-32461 Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simpl...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32460 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting I...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32459 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects Ups...	8.5	HIGH	—	3/13/2026
CVE-2026-32458 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <...	7.6	HIGH	—	3/13/2026
CVE-2026-32457 Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access C...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32456 Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1.	4.3	MEDIUM	—	3/13/2026
CVE-2026-32455 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MD...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32454 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a th...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32453 Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32452 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32451 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr...	6.3	MEDIUM	—	3/13/2026
CVE-2026-32450 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DO...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32449 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32448 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.T...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32447 Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through...	4.3	MEDIUM	—	3/13/2026
CVE-2026-32446 Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPFor...	4.3	MEDIUM	—	3/13/2026
CVE-2026-32445 Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builde...	2.7	LOW	—	3/13/2026
CVE-2026-32443 Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooComm...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32442 Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.	4.3	MEDIUM	—	3/13/2026
CVE-2026-32440 Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.	5.3	MEDIUM	—	3/13/2026
CVE-2026-32439 Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.14...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32438 Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education: ...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32437 Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= 1...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32436 Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a throug...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32435 Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4....	5.3	MEDIUM	—	3/13/2026
CVE-2026-32434 Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4.	5.3	MEDIUM	—	3/13/2026
CVE-2026-32433 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This...	8.5	HIGH	—	3/13/2026
CVE-2026-32432 Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Ti...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32431 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bul...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32430 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.Th...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32429 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue a...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32428 Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32427 Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from n...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32426 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This i...	7.5	HIGH	—	3/13/2026
CVE-2026-32425 Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32424 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n...	6.5	MEDIUM	—	3/13/2026
CVE-2026-32423 Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin a...	5.4	MEDIUM	—	3/13/2026
CVE-2026-32422 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP Easy...	8.5	HIGH	—	3/13/2026
CVE-2026-32421 Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a throug...	5.3	MEDIUM	—	3/13/2026
CVE-2026-32420 Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through <= 7.6.6.	5.4	MEDIUM	—	3/13/2026
CVE-2026-32419 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects Li...	5.9	MEDIUM	—	3/13/2026
CVE-2026-32418 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: f...	7.6	HIGH	—	3/13/2026
CVE-2026-32417 Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through < 1.18.9.	5.4	MEDIUM	—	3/13/2026
CVE-2026-32416 Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.	5.4	MEDIUM	—	3/13/2026

Pagina 169 de 336

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.