Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-13680 The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->... | 8.8 | HIGH | β | 0 |
| CVE-2025-3784 Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attack... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-7820 The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to Payment Bypass in all versions up to, and including, 1.4. This is due to the plugin only enforcing client side controls instead of ... | 7.5 | HIGH | β | 0 |
| CVE-2025-12123 The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to in... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-12185 The StaffList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escapin... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-13143 The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insuffic... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13525 The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order_by' parameter in all versions up to, and including, 1.4.5 due to insufficient input sanitizatio... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-13157 The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.7 via the 'qode_wishlist_for_woocommerce_wishlist_tab... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13441 The Hide Category by User Role for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.1. This is due to a missing capability check on the... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13536 The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin va... | 8.8 | HIGH | β | 0 |
| CVE-2025-12584 The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv_popup_content' AJAX endpoint due to insufficient res... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13378 The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.0 via the ays_chatgpt_pinecone_upse... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13381 The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'ays_chatgpt_save_wp_media' function in all ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-30186 Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfilt... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-30190 Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensi... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-59025 Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has b... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-59026 Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfilt... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-58307 UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.4 | MEDIUM | β | 0 |
| CVE-2025-10476 The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_db_fix_callback() function in all versions up to, and includi... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-59890 Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access toΒ execute unauthorized code... | 7.3 | HIGH | β | 0 |
| CVE-2025-59302 In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins. * quotaTariffCreate * quotaTari... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-59454 In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While the... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12971 The Folders β Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability c... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12140 The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters... | N/A | NONE | β | 0 |
| CVE-2025-51735 CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. | 7.5 | HIGH | β | 0 |
| CVE-2025-13692 The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitiza... | 7.2 | HIGH | β | 0 |
| CVE-2025-12419 Mattermost versions 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12, 11.0.x <= 11.0.3 fail to properly validate OAuth state tokens during OpenID Connect authentication which allows an authen... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-13757 SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8. | 8.8 | HIGH | β | 0 |
| CVE-2025-13758 Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8. | 3.5 | LOW | β | 0 |
| CVE-2025-13765 Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58309 Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 6.8 | MEDIUM | β | 0 |
| CVE-2025-12559 Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12421 Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication f... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-3261 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-13338 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-66359 An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components leads to a cross-site scripting (XSS) vulnerability. | 8.5 | HIGH | β | 0 |
| CVE-2025-66360 An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to pri... | 8.8 | HIGH | β | 0 |
| CVE-2025-66361 An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-58294 Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.2 | MEDIUM | β | 0 |
| CVE-2025-58303 UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. | 8.4 | HIGH | β | 0 |
| CVE-2025-58310 Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 8.0 | HIGH | β | 0 |
| CVE-2025-58312 Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.1 | MEDIUM | β | 0 |
| CVE-2025-58314 Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 6.6 | MEDIUM | β | 0 |
| CVE-2025-58315 Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-58316 DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | β | 0 |
| CVE-2025-64311 Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.1 | MEDIUM | β | 0 |
| CVE-2025-64313 Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-64314 Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality. | 9.3 | CRITICAL | β | 0 |
| CVE-2025-13737 The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validatio... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58302 Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 8.4 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.