Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 334,542 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2025-30793 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Property Hive Houzez Property Feed houzez-property-feed allows Path Traversal.This issue affects Houzez ...	7.5	HIGH	—	4/1/2025
CVE-2025-30794 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Event Tickets event-tickets allows Reflected XSS.This issue affects Event Tickets: from ...	7.1	HIGH	—	4/1/2025
CVE-2025-30796 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issu...	7.1	HIGH	—	4/1/2025
CVE-2025-30797 Missing Authorization vulnerability in bigdrop.gr Greek Multi Tool – Fix peralinks, accents, auto create menus and more greek-multi-tool allows Exploiting Incorrectly Configured Access Control Securit...	7.5	HIGH	—	4/1/2025
CVE-2025-30798 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API better-wlm-api allows Reflected XSS.This issue affects Better Wi...	7.1	HIGH	—	4/1/2025
CVE-2025-30802 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPBean Our Team Members our-team-members.This issue affects Our Team Members: from n/a through <= 2.2.	4.3	MEDIUM	—	4/1/2025
CVE-2025-30827 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from ...	7.1	HIGH	—	4/1/2025
CVE-2025-30834 Path Traversal: '.../...//' vulnerability in Bit Apps Bit Assist bit-assist allows Path Traversal.This issue affects Bit Assist: from n/a through <= 1.5.4.	7.5	HIGH	—	4/1/2025
CVE-2025-30837 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristiano Zanca WooCommerce Fattureincloud woo-fattureincloud allows Reflected XSS.This issue affe...	7.1	HIGH	—	4/1/2025
CVE-2025-30840 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary xili-dictionary allows Reflected XSS.This issue affects xil...	7.1	HIGH	—	4/1/2025
CVE-2025-30848 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.	7.1	HIGH	—	4/1/2025
CVE-2025-30849 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclu...	8.1	HIGH	—	4/1/2025
CVE-2025-30869 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Parakoos Image Wall image-wall allows Reflected XSS.This issue affects Image Wall: from n/a throug...	7.1	HIGH	—	4/1/2025
CVE-2025-30870 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclus...	8.1	HIGH	—	4/1/2025
CVE-2025-30876 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows SQL Injection.This issue affects Ads b...	9.3	CRITICAL	—	4/1/2025
CVE-2025-30878 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a t...	8.6	HIGH	—	4/1/2025
CVE-2025-30880 Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through ...	7.5	HIGH	—	4/1/2025
CVE-2025-30882 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JoomSky JS Help Desk js-support-ticket allows Path Traversal.This issue affects JS Help Desk: from n/a t...	7.5	HIGH	—	4/1/2025
CVE-2025-30886 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows SQL Injection.This issue affects JS Help Desk: from ...	9.3	CRITICAL	—	4/1/2025
CVE-2025-30901 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This iss...	8.1	HIGH	—	4/1/2025
CVE-2025-30902 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ATL Software SRL AEC Kiosque aec-kiosque allows Reflected XSS.This issue affects AEC Kiosque: from...	7.1	HIGH	—	4/1/2025
CVE-2025-30910 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CreativeMindsSolutions CM Download Manager cm-download-manager allows Path Traversal.This issue affects ...	8.6	HIGH	—	4/1/2025
CVE-2025-30911 Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4.	9.9	CRITICAL	—	4/1/2025
CVE-2025-30917 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects ...	7.1	HIGH	—	4/1/2025
CVE-2025-30924 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects...	7.1	HIGH	—	4/1/2025
CVE-2025-30926 Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons.This issue affects King Addons for Elementor: from n/a through <= 24.12.58.	4.3	MEDIUM	—	4/1/2025
CVE-2025-30971 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xavi Ivars XV Random Quotes xv-random-quotes allows SQL Injection.This issue affects XV Random Quo...	9.3	CRITICAL	—	4/1/2025
CVE-2025-31024 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in randyjensen RJ Quickcharts rj-quickcharts allows SQL Injection.This issue affects RJ Quickcharts: ...	8.5	HIGH	—	4/1/2025
CVE-2025-31074 Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection.This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.2.	8.8	HIGH	—	4/1/2025
CVE-2025-31084 Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Object Injection.This issue affects Sunshine Photo Cart: from n/a through <= 3.4.10.	9.8	CRITICAL	—	4/1/2025
CVE-2025-31087 Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce different-shipping-and-billing-address-for-woocommerce allows Object Injection...	9.8	CRITICAL	—	4/1/2025
CVE-2025-31095 Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass.This issue affects Material Dashboard: from n/a thr...	9.8	CRITICAL	—	4/1/2025
CVE-2025-31415 Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2.	7.6	HIGH	—	4/1/2025
CVE-2025-31408 Missing Authorization vulnerability in Zoho Flow Zoho Flow zoho-flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through <= 2.13.3.	4.3	MEDIUM	—	4/1/2025
CVE-2025-31730 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DigitalCourt Marketer Addons marketer-addons allows Stored XSS.This issue affects Marketer Addons:...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31731 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Philip John Author Bio Shortcode author-bio-shortcode allows Stored XSS.This issue affects Author ...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31732 Missing Authorization vulnerability in gb-plugins GB Gallery Slideshow gb-gallery-slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GB Gallery Slides...	4.3	MEDIUM	—	4/1/2025
CVE-2025-31733 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boot Div WP Sitemap wpsitemap allows Stored XSS.This issue affects WP Sitemap: from n/a through <=...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31734 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Simple Post Expiration simple-post-expiration allows DOM-Based XSS.This issue affects ...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31735 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in C. Johnson Footnotes for WordPress footnotes-for-wordpress allows Stored XSS.This issue affects Fo...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31737 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dxladner Client Showcase client-showcase allows Stored XSS.This issue affects Client Showcase: fro...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31738 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yazamodeveloper LeadQuizzes leadquizzes allows Stored XSS.This issue affects LeadQuizzes: from n/a...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31740 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemeArt News, Magazine and Blog Elements news-magazine-and-blog-elements allows Stored XSS.This ...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31741 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filtr8 Easy Magazine filtr8-magazine allows DOM-Based XSS.This issue affects Easy Magazine: from n...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31742 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelDima Dima Take Action dima-take-action allows Stored XSS.This issue affects Dima Take Action:...	5.9	MEDIUM	—	4/1/2025
CVE-2025-31743 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows S...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31744 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpszaki Lightweight and Responsive Youtube Embed lightweight-and-responsive-youtube-embed allows S...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31745 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arni Cinco Subscription Form for Feedblitz feedblitz-email-subscription allows Stored XSS.This iss...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31747 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in milan.latinovic WP Chrono wp-chrono allows DOM-Based XSS.This issue affects WP Chrono: from n/a th...	6.5	MEDIUM	—	4/1/2025
CVE-2025-31748 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpopal Opal Portfolio opal-portfolios allows Stored XSS.This issue affects Opal Portfolio: from n/...	6.5	MEDIUM	—	4/1/2025

Pagina 292 de 6691

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.