Vulnerabilidades CVE

Base de dados CVE enriquecida com CISA KEV e NVD

Total: 333,918 CVEs

CVE ID	CVSS	Severidade	KEV	Publicado
CVE-2025-62142 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicashmu Post Video Players video-playlist-and-gallery-plugin allows Stored XSS.This issue affects...	5.9	MEDIUM	—	12/31/2025
CVE-2025-62144 Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster core-web-vitals-pagespeed-booster allows Exploiting Incorrectly Configured Access Control Security Levels.Thi...	5.4	MEDIUM	—	12/31/2025
CVE-2025-62149 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Stored XSS.This issue affects Add Custom Codes: ...	5.9	MEDIUM	—	12/31/2025
CVE-2025-62750 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filipe Seabra WooCommerce Parcelas woocommerce-parcelas allows DOM-Based XSS.This issue affects Wo...	5.9	MEDIUM	—	12/31/2025
CVE-2025-63020 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through <= 1.9.73.	6.5	MEDIUM	—	12/31/2025
CVE-2025-49349 Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62091 Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support serial-codes-generator-and-validator allows Exploiting Incorrectly Configured Access Cont...	5.4	MEDIUM	—	12/31/2025
CVE-2025-62139 Insertion of Sensitive Information Into Sent Data vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows Retrieve Embedded Sensitive Data.This issue affects Terms description...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62145 Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: fro...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62147 Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3.	5.3	MEDIUM	—	12/31/2025
CVE-2025-62888 Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a th...	5.4	MEDIUM	—	12/31/2025
CVE-2025-63001 Missing Authorization vulnerability in nicdark Hotel Booking nd-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through <= 3....	5.3	MEDIUM	—	12/31/2025
CVE-2006-1708 SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php.	N/A	NONE	—	4/11/2006
CVE-2006-1709 Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.	N/A	NONE	—	4/11/2006
CVE-2006-1710 SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters.	N/A	NONE	—	4/11/2006
CVE-2006-1711 Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify por...	N/A	NONE	—	4/11/2006
CVE-2006-1712 Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.	N/A	NONE	—	4/11/2006
CVE-2025-63022 Missing Authorization vulnerability in topdevs.net Simple Like Page simple-facebook-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: ...	5.3	MEDIUM	—	12/31/2025
CVE-2025-63031 Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through <= 1.0.1.	5.3	MEDIUM	—	12/31/2025
CVE-2025-63053 Authorization Bypass Through User-Controlled Key vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This is...	5.3	MEDIUM	—	12/31/2025
CVE-2025-49338 Missing Authorization vulnerability in Flowbox Flowbox flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through <= 1.1.6.	5.3	MEDIUM	—	12/31/2025
CVE-2025-49356 Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects O...	4.3	MEDIUM	—	12/31/2025
CVE-2025-59130 Cross-Site Request Forgery (CSRF) vulnerability in appointify Appointify appointify allows Cross Site Request Forgery.This issue affects Appointify: from n/a through <= 1.0.8.	4.3	MEDIUM	—	12/31/2025
CVE-2025-59136 Insertion of Sensitive Information Into Sent Data vulnerability in Efí Bank Gerencianet Oficial woo-gerencianet-official allows Retrieve Embedded Sensitive Data.This issue affects Gerencianet Oficial:...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62084 Cross-Site Request Forgery (CSRF) vulnerability in Imdad Next Web iNext Woo Pincode Checker inext-woo-pincode-checker allows Cross Site Request Forgery.This issue affects iNext Woo Pincode Checker: fr...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62087 Missing Authorization vulnerability in Web Builder 143 Sticky Notes for WP Dashboard wb-sticky-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky N...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62089 Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack mergado-marketing-pack allows Cross Site Request Forgery.This issue affects Mergado Pack: from n/a through <= 4.2.1.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62114 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data.This iss...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62122 Missing Authorization vulnerability in solwininfotech Trash Duplicate and 301 Redirect trash-duplicate-and-301-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This iss...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62126 Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Cac...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62129 Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RestroPress: from n/a through <= 3....	5.3	MEDIUM	—	12/31/2025
CVE-2025-62130 Missing Authorization vulnerability in wpdiscover Accordion Slider Gallery accordion-slider-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62131 Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Li...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62132 Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tasty Recipes Li...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62133 Cross-Site Request Forgery (CSRF) vulnerability in manidoraisamy FormFacade formfacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through <= 1.4.1.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62143 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players video-playlist-and-gallery-plugin allows Retrieve Embedded Sensitive Data.This i...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62148 Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.txt rewrite robotstxt-rewrite allows Cross Site Request Forgery.This issue affects Robots.txt rewrite: from n/a through <= 1.6...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62150 Missing Authorization vulnerability in themesawesome History Timeline timeline-awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62154 Missing Authorization vulnerability in recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One ai-content-writing-assistant allows Exploiting Incorrectly Configured A...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62747 Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator featured-image-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feat...	5.3	MEDIUM	—	12/31/2025
CVE-2025-62751 Missing Authorization vulnerability in extendthemes Vireo vireo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Vireo: from n/a through <= 1.0.24.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62755 Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio fo...	5.3	MEDIUM	—	12/31/2025
CVE-2025-63004 Missing Authorization vulnerability in Skynet Technologies USA LLC All in One Accessibility all-in-one-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ...	4.3	MEDIUM	—	12/31/2025
CVE-2025-63014 Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through <= 1.25.0.	4.3	MEDIUM	—	12/31/2025
CVE-2025-63040 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets post-snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through <= 4.0.11.	4.3	MEDIUM	—	12/31/2025
CVE-2025-62078 Missing Authorization vulnerability in Fahad Mahmood Easy Upload Files During Checkout easy-upload-files-during-checkout allows Exploiting Incorrectly Configured Access Control Security Levels.This is...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62083 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah BoomDevs WordPress Coming Soon coming-soon-by-boomdevs allows Retrieve Embedded Sensitive Data.Th...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62088 Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site wp_scraper allows Server Side Request Forgery.This issue affects WordPre...	5.4	MEDIUM	—	12/31/2025
CVE-2025-62099 Missing Authorization vulnerability in approveme Signature Add-On for Gravity Forms gravity-signature-forms-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af...	4.3	MEDIUM	—	12/31/2025
CVE-2025-62101 Cross-Site Request Forgery (CSRF) vulnerability in Omid Shamloo Pardakht Delkhah pardakht-delkhah allows Cross Site Request Forgery.This issue affects Pardakht Delkhah: from n/a through <= 3.0.0.	4.3	MEDIUM	—	12/31/2025

Pagina 256 de 6679

Anterior Proximo

This product uses data from the NVD API but is not endorsed or certified by the NVD.