CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-12218 The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect non... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12222 The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dvsfw_bulk_label_url’ parameter in all versions up to, and including, 2.1.7 due to ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12249 The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including,... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-12285 The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘catid’ parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12330 The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly ... | 7.5 | HIGH | — | 0 |
| CVE-2024-12394 The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. Thi... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12491 The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sr_search_form' shortcode in all versions up to, and including, 2.11.2 due to insuffi... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-22510 Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk WC Price History for Omnibus allows Object Injection. This issue affects WC Price History for Omnibus: from n/a through 2.1.4. | 7.2 | HIGH | — | 0 |
| CVE-2024-12493 The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sa... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12496 The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12514 The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12515 The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12542 The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This m... | 8.6 | HIGH | — | 0 |
| CVE-2024-12605 The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request For... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-12616 The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-12618 The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.1... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-12621 The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12819 The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12848 The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. Thi... | 8.8 | HIGH | — | 0 |
| CVE-2024-5769 The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including,... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-24010 An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnera... | 8.2 | HIGH | — | 0 |
| CVE-2023-24011 An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnera... | 8.2 | HIGH | — | 0 |
| CVE-2025-22521 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check allows Reflected XSS. This issue affects wp Hosting Perf... | 7.1 | HIGH | — | 0 |
| CVE-2023-24012 An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnera... | 8.2 | HIGH | — | 0 |
| CVE-2024-10106 A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer. | 3.7 | LOW | — | 0 |
| CVE-2025-22295 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto allows St... | 7.1 | HIGH | — | 0 |
| CVE-2025-22307 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS. This issue affects Product T... | 7.1 | HIGH | — | 0 |
| CVE-2025-22313 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS. This issue affects Widgetize Pages Light: fro... | 7.1 | HIGH | — | 0 |
| CVE-2025-22330 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS. This issue affects MG Parallax Slider: fro... | 7.1 | HIGH | — | 0 |
| CVE-2025-22331 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension allows Reflected XSS. This issue affects Cf7Save Extension: from n/a through... | 7.1 | HIGH | — | 0 |
| CVE-2025-22345 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS. This issue affects TS Comfort DB: from n/a throug... | 7.1 | HIGH | — | 0 |
| CVE-2025-22361 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics allows Reflected XSS. This issue affects Opentracker Analytics: f... | 7.1 | HIGH | — | 0 |
| CVE-2025-22504 Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server. This issue affects 4ECPS Web Forms: from n/a through 0.2.18. | 10.0 | CRITICAL | — | 0 |
| CVE-2025-22505 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabaraj Chapagain NC Wishlist for Woocommerce allows SQL Injection. This issue affects NC Wishlist ... | 8.5 | HIGH | — | 0 |
| CVE-2025-22802 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – Yee... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22803 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Advanced Product Information for WooCommerce allows Stored XSS. This issue affects Advan... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22804 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Blo... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22805 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePoints Skill Bar allows Stored XSS. This issue affects Skill Bar: from n/a through 1.2. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22807 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Responsive Flickr Slideshow allows Stored XSS. This issue affects Responsive Flickr Sl... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22808 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma \| Premium WP allows DOM-Based XSS. This issue affects Surbma \| Premium WP: from n/a t... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22809 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master PDF Catalog Woocommerce allows DOM-Based XSS. This issue affects PDF Catalog Woocomm... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22810 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CBB Team Content Blocks Builder allows Stored XSS. This issue affects Content Blocks Builder: from ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22811 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modeltheme MT Addons for Elementor allows Stored XSS. This issue affects MT Addons for Elementor: f... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22812 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs News Ticker Widget for Elementor allows Stored XSS. This issue affects News Ticker Widget... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22813 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChatBot for WordPress - WPBot Conversational Forms for ChatBot allows Stored XSS. This issue affect... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22151 Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affect... | 3.7 | LOW | — | 0 |
| CVE-2024-46505 Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | 9.1 | CRITICAL | — | 0 |
| CVE-2024-54724 PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55494 A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted p... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-56113 Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.