Vulnerabilidades CVE

Base de dados CVE enriquecida com CISA KEV e NVD

Total: 333,918 CVEs

CVE ID	CVSS	Severidade	KEV	Publicado
CVE-2026-24362 Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n...	6.4	MEDIUM	—	3/25/2026
CVE-2026-24363 Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects W...	7.5	HIGH	—	3/25/2026
CVE-2025-62938 Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email...	4.3	MEDIUM	—	10/27/2025
CVE-2025-62941 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Events Maker by dFactory events-maker allows Stored XSS.This issue affects Events Maker b...	6.5	MEDIUM	—	10/27/2025
CVE-2025-62942 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tempranova WP Mapbox GL JS Maps wp-mapbox-gl-js allows Stored XSS.This issue affects WP Mapbox GL ...	6.5	MEDIUM	—	10/27/2025
CVE-2025-62943 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt McInvale Next Page, Not Next Post next-page-not-next-post allows Stored XSS.This issue affect...	6.5	MEDIUM	—	10/27/2025
CVE-2026-24969 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a throug...	7.7	HIGH	—	3/25/2026
CVE-2026-24968 Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30.	9.8	CRITICAL	—	3/25/2026
CVE-2026-23349 In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening becaus...	5.5	MEDIUM	—	3/25/2026
CVE-2025-62944 Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MSTW CSV EXPORTER: ...	5.3	MEDIUM	—	10/27/2025
CVE-2025-62945 Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Linares Did Prestashop Display did-prestashop-display allows Stored XSS.This issue affects Did Prestashop Display: from n/a through <=...	7.1	HIGH	—	10/27/2025
CVE-2025-62946 Missing Authorization vulnerability in everestthemes Everest Backup everest-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Everest Backup: from n/a t...	5.3	MEDIUM	—	10/27/2025
CVE-2026-23353 In the Linux kernel, the following vulnerability has been resolved: ice: fix crash in ethtool offline loopback test Since the conversion of ice to page pool, the ethtool loopback test crashes: BUG...	5.5	MEDIUM	—	3/25/2026
CVE-2025-62947 Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.5.	5.0	MEDIUM	—	10/27/2025
CVE-2025-62952 Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through <= 7.7.3.	4.3	MEDIUM	—	10/27/2025
CVE-2025-62953 Missing Authorization vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/...	4.3	MEDIUM	—	10/27/2025
CVE-2025-62954 Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive Old Posts: from n/a thr...	4.3	MEDIUM	—	10/27/2025
CVE-2025-62956 Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly reloadly-topup-widget allows Stored XSS.This issue affects Reloadly: from n/a through <= 2.0.1.	7.1	HIGH	—	10/27/2025
CVE-2025-62957 Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.	7.1	HIGH	—	10/27/2025
CVE-2025-62962 Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.	7.1	HIGH	—	10/27/2025
CVE-2025-62964 Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a...	5.3	MEDIUM	—	10/27/2025
CVE-2025-62965 Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Manage...	5.5	MEDIUM	—	10/27/2025
CVE-2025-62966 Missing Authorization vulnerability in Apiki GoCache gocache-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoCache: from n/a through <= 1.3.6.	5.4	MEDIUM	—	10/27/2025
CVE-2025-62970 Missing Authorization vulnerability in Spencer Haws Link Whisper Free link-whisper allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/...	5.3	MEDIUM	—	10/27/2025
CVE-2025-62975 Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site Request Forgery.This issue affects Raychat: from n/a through <= 2.2.1.	4.3	MEDIUM	—	10/27/2025
CVE-2025-62976 Missing Authorization vulnerability in Joovii Sendle Shipping official-sendle-shipping-method allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sendle Shipping: from n...	5.3	MEDIUM	—	10/27/2025
CVE-2025-62977 Missing Authorization vulnerability in 沃之涛百度站长SEO合集(支持百度/神马/Bing/头条推送) baiduseo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 百度站长SEO合集(支持百度/神马/Bing/头条推送): from n...	5.3	MEDIUM	—	10/27/2025
CVE-2025-62978 Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through <=...	4.3	MEDIUM	—	10/27/2025
CVE-2025-62980 Missing Authorization vulnerability in MDZ Persian Admnin Fonts persian-admin-fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Persian Admnin Fonts: fro...	5.4	MEDIUM	—	10/27/2025
CVE-2025-62981 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Phishing.This issue affects WP Gravity Forms Zoho CRM and Bigin: from ...	4.7	MEDIUM	—	10/27/2025
CVE-2025-62982 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dyn...	5.9	MEDIUM	—	10/27/2025
CVE-2025-62988 Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Templates slider-templates allows Server Side Request Forgery.This issue affects Slider Templates: from n/a through <= 1.0.3.	4.9	MEDIUM	—	10/27/2025
CVE-2025-52764 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in marielav flexoslider flexoslider allows Reflected XSS.This issue affects flexoslider: from n/a thr...	7.1	HIGH	—	11/6/2025
CVE-2025-53214 Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier-certificates-open-badges allows Exploiting Incorrectly Configured Access Control Security Levels.This iss...	6.5	MEDIUM	—	11/6/2025
CVE-2025-53239 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bnovotny User Registration Aide user-registration-aide allows Reflected XSS.This issue affects Use...	7.1	HIGH	—	11/6/2025
CVE-2025-53245 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: ...	7.1	HIGH	—	11/6/2025
CVE-2025-53246 Missing Authorization vulnerability in Gaurav Aggarwal Backup and Move backup-and-move allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup and Move: from ...	6.5	MEDIUM	—	11/6/2025
CVE-2025-53252 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Zegen zegen allows PHP Local File Inclusion.This issue affects Zegen...	7.5	HIGH	—	11/6/2025
CVE-2025-53286 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from...	7.1	HIGH	—	11/6/2025
CVE-2025-53316 Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel WP GDPR Cookie Consent wp-gdpr-cookie-consent allows Stored XSS.This issue affects WP GDPR Cookie Consent: from n/a through <= 1.0.0.	7.1	HIGH	—	11/6/2025
CVE-2025-53324 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeYatri Gutenify gutenify allows Stored XSS.This issue affects Gutenify: from n/a through <= 1.5...	7.1	HIGH	—	11/6/2025
CVE-2025-53574 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ptibogxiv Doliconnect doliconnect allows Reflected XSS.This issue affects Doliconnect: from n/a th...	7.1	HIGH	—	11/6/2025
CVE-2025-53585 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme WeMusic noo-wemusic allows Reflected XSS.This issue affects WeMusic: from n/a through <= ...	7.1	HIGH	—	11/6/2025
CVE-2025-53586 Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through <= 1.9.1.	8.8	HIGH	—	11/6/2025
CVE-2025-60188 Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= ...	7.5	HIGH	—	11/6/2025
CVE-2025-60190 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hinnerk Altenburg Immocaster WordPress Plugin immocaster allows PHP Local File ...	8.1	HIGH	—	11/6/2025
CVE-2026-24987 Missing Authorization vulnerability in activity-log.com WP System Log winterlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP System Log: from n/a thro...	6.5	MEDIUM	—	3/25/2026
CVE-2026-24980 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Visionary Core noo-visionary-core allows Reflected XSS.This issue affects Visionary Core:...	7.1	HIGH	—	3/25/2026
CVE-2026-24981 Deserialization of Untrusted Data vulnerability in NooTheme Visionary Core noo-visionary-core allows Object Injection.This issue affects Visionary Core: from n/a through <= 1.4.9.	8.8	HIGH	—	3/25/2026
CVE-2025-60191 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist all...	7.5	HIGH	—	11/6/2025

Pagina 288 de 6679

Anterior Proximo

This product uses data from the NVD API but is not endorsed or certified by the NVD.