Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 16,222 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2025-67994 Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= 3...	7.5	HIGH	—	2/20/2026
CVE-2025-67995 Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1.	9.8	CRITICAL	—	2/20/2026
CVE-2025-67996 Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6.	9.8	CRITICAL	—	2/20/2026
CVE-2025-67997 Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.	9.8	CRITICAL	—	2/20/2026
CVE-2025-67998 Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a ...	8.8	HIGH	—	2/20/2026
CVE-2025-68000 Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/...	6.5	MEDIUM	—	2/20/2026
CVE-2025-68002 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a ...	6.5	MEDIUM	—	2/20/2026
CVE-2025-68005 Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a t...	6.5	MEDIUM	—	2/20/2026
CVE-2025-68021 Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a throug...	6.5	MEDIUM	—	2/20/2026
CVE-2026-22408 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Justicia justicia allows PHP Local File Inclusion.This issue affe...	8.1	HIGH	—	3/5/2026
CVE-2026-22410 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dolcino dolcino allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	3/5/2026
CVE-2025-69405 Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum \| Books & Media Store lorem-ipsum-books-media-store allows Object Injection.This issue affects Lorem Ipsum \| Books & Media Store...	9.8	CRITICAL	—	2/20/2026
CVE-2025-69406 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects...	8.1	HIGH	—	2/20/2026
CVE-2025-68022 Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin ...	6.3	MEDIUM	—	2/20/2026
CVE-2025-69407 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affe...	8.1	HIGH	—	2/20/2026
CVE-2025-68023 Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This...	6.5	MEDIUM	—	2/20/2026
CVE-2025-69408 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issu...	8.1	HIGH	—	2/20/2026
CVE-2025-68024 Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – ...	6.5	MEDIUM	—	2/20/2026
CVE-2025-69409 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes PJ \| Life & Business Coaching pj allows PHP Local File Inclusion.Th...	8.1	HIGH	—	2/20/2026
CVE-2025-69410 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue af...	8.1	HIGH	—	2/20/2026
CVE-2025-68025 Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects...	6.5	MEDIUM	—	2/20/2026
CVE-2025-68026 Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1...	6.5	MEDIUM	—	2/20/2026
CVE-2026-22412 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Eona eona allows PHP Local File Inclusion.This issue affects Eona...	8.1	HIGH	—	3/5/2026
CVE-2025-68028 Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4W...	6.5	MEDIUM	—	2/20/2026
CVE-2026-22356 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue a...	7.5	HIGH	—	2/20/2026
CVE-2026-22357 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper F...	7.1	HIGH	—	2/20/2026
CVE-2025-68031 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزو...	7.1	HIGH	—	2/20/2026
CVE-2026-22361 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-...	8.1	HIGH	—	2/20/2026
CVE-2025-68032 Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced ...	6.5	MEDIUM	—	2/20/2026
CVE-2025-68037 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Me...	7.1	HIGH	—	2/20/2026
CVE-2025-68042 Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a thro...	6.5	MEDIUM	—	2/20/2026
CVE-2025-68043 Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3...	7.3	HIGH	—	2/20/2026
CVE-2025-68048 Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite...	7.5	HIGH	—	2/20/2026
CVE-2025-68050 Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3.	6.5	MEDIUM	—	2/20/2026
CVE-2025-68051 Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket...	7.4	HIGH	—	2/20/2026
CVE-2025-68069 Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.	7.1	HIGH	—	2/20/2026
CVE-2025-68495 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a throug...	7.1	HIGH	—	2/20/2026
CVE-2026-22362 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affect...	8.1	HIGH	—	2/20/2026
CVE-2025-68501 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This i...	7.1	HIGH	—	2/20/2026
CVE-2025-68514 Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels...	6.5	MEDIUM	—	2/20/2026
CVE-2025-68526 Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.	8.8	HIGH	—	2/20/2026
CVE-2026-22363 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rh...	8.1	HIGH	—	2/20/2026
CVE-2026-22413 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Malgré malgre allows PHP Local File Inclusion.This issue affects ...	8.1	HIGH	—	3/5/2026
CVE-2026-22364 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue af...	8.1	HIGH	—	2/20/2026
CVE-2025-68531 Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons f...	8.8	HIGH	—	2/20/2026
CVE-2025-68534 Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF for WPForms: from n/a ...	6.5	MEDIUM	—	2/20/2026
CVE-2025-68536 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from...	8.1	HIGH	—	2/20/2026
CVE-2025-68539 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from...	8.1	HIGH	—	2/20/2026
CVE-2025-68541 Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0.	9.8	CRITICAL	—	2/20/2026
CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	HIGH	KEV	1/13/2026

Pagina 4 de 325

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.