Vulnerabilidades CVE

Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD

Total: 15,533 CVEs

CVE ID	CVSS	Severidad	KEV	Publicado
CVE-2025-49338 Missing Authorization vulnerability in Flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through 1.1.5.	5.3	MEDIUM	—	12/31/2025
CVE-2025-49356 Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: ...	4.3	MEDIUM	—	12/31/2025
CVE-2025-59130 Cross-Site Request Forgery (CSRF) vulnerability in Appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through 1.0.8.	4.3	MEDIUM	—	12/31/2025
CVE-2025-59136 Insertion of Sensitive Information Into Sent Data vulnerability in Efí Bank Gerencianet Oficial allows Retrieve Embedded Sensitive Data.This issue affects Gerencianet Oficial: from n/a through 3.1.3.	5.3	MEDIUM	—	12/31/2025
CVE-2025-62079 Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Ta...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62080 Cross-Site Request Forgery (CSRF) vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Vi...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62084 Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker allows Cross Site Request Forgery.This issue affects iNext Woo Pincode Checker: from n/a through 2.3.1.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62087 Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Notes for WP Dash...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62089 Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through 4.2.0.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62092 Missing Authorization vulnerability in Wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through 1.4.99.	5.3	MEDIUM	—	12/31/2025
CVE-2025-62114 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcelo Torres Download Media Library allows Retrieve Embedded Sensitive Data.This issue affects Download Me...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62116 Missing Authorization vulnerability in Quadlayers AI Copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through 1.4.7.	5.3	MEDIUM	—	12/31/2025
CVE-2025-62122 Missing Authorization vulnerability in Solwininfotech Trash Duplicate and 301 Redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 30...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62126 Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: fro...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62129 Missing Authorization vulnerability in Magnigenie RestroPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through 3.2.4.2.	5.3	MEDIUM	—	12/31/2025
CVE-2025-62130 Missing Authorization vulnerability in WPdiscover Accordion Slider Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider Gallery: from n/a...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62131 Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a throug...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62132 Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Lite: from n/a throug...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62133 Cross-Site Request Forgery (CSRF) vulnerability in Manidoraisamy FormFacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through 1.4.1.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62143 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data.This issue affects Post Video Players: f...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62148 Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery.This issue affects Robots.Txt rewrite: from n/a through 1.6.1.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62150 Missing Authorization vulnerability in Themesawesome History Timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through 1.0....	4.3	MEDIUM	—	12/31/2025
CVE-2025-62154 Missing Authorization vulnerability in Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One allows Exploiting Incorrectly Configured Access Control Security Levels...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62747 Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: fro...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62751 Missing Authorization vulnerability in Extend Themes Vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through 1.0.24.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62755 Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.	5.3	MEDIUM	—	12/31/2025
CVE-2025-63004 Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All in One Access...	4.3	MEDIUM	—	12/31/2025
CVE-2025-63014 Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through 1.24.1.	4.3	MEDIUM	—	12/31/2025
CVE-2025-63040 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11.	4.3	MEDIUM	—	12/31/2025
CVE-2025-49339 Missing Authorization vulnerability in Digages Direct Payments WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Direct Payments WP: from n/a through 1.3.0.	4.3	MEDIUM	—	12/31/2025
CVE-2025-49340 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: fr...	4.3	MEDIUM	—	12/31/2025
CVE-2025-49352 Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This...	4.3	MEDIUM	—	12/31/2025
CVE-2025-59138 Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through 1.6.6.	4.9	MEDIUM	—	12/31/2025
CVE-2025-62078 Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Upload Files Duri...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62083 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon Plugin allows Retrieve Embedded Sensitive Data.This issue affects ...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62088 Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCom...	5.4	MEDIUM	—	12/31/2025
CVE-2025-62099 Missing Authorization vulnerability in Approveme Signature Add-On for Gravity Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Signature Add-On for Grav...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62101 Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah allows Cross Site Request Forgery.This issue affects Pardakht Delkhah: from n/a through 3.0.0.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62113 Cross-Site Request Forgery (CSRF) vulnerability in emendo_seb Co-marquage service-public.Fr allows Cross Site Request Forgery.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.77.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62115 Missing Authorization vulnerability in ThemeBoy Hide Plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide Plugins: from n/a through 1.0.4.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62123 Cross-Site Request Forgery (CSRF) vulnerability in Ink themes WP Gmail SMTP allows Cross Site Request Forgery.This issue affects WP Gmail SMTP: from n/a through 1.0.7.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62874 Missing Authorization vulnerability in Alexander AnyComment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyComment: from n/a through 0.3.6.	4.3	MEDIUM	—	12/31/2025
CVE-2025-63021 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetipi Valenti Engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through 1...	6.5	MEDIUM	—	12/31/2025
CVE-2025-63038 Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin In...	4.3	MEDIUM	—	12/31/2025
CVE-2025-66155 Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a ...	5.4	MEDIUM	—	12/31/2025
CVE-2025-66156 Missing Authorization vulnerability in merkulove Watcher for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watcher for Elementor: from n/a throug...	5.4	MEDIUM	—	12/31/2025
CVE-2025-66157 Missing Authorization vulnerability in merkulove Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider for Elementor: from n/a through ...	5.4	MEDIUM	—	12/31/2025
CVE-2025-66158 Missing Authorization vulnerability in merkulove Gmaper for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gmaper for Elementor: from n/a through ...	5.4	MEDIUM	—	12/31/2025
CVE-2025-66159 Missing Authorization vulnerability in merkulove Walker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Walker for Elementor: from n/a through ...	5.4	MEDIUM	—	12/31/2025
CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	8.8	HIGH	KEV	1/13/2026

Pagina 65 de 311

Anterior Siguiente

This product uses data from the NVD API but is not endorsed or certified by the NVD.