octubre 2024 - Página 133 de 160

6 Oct 2024

CVE-2024-47650

Título es

CVE-2024-47650

Dom, 06/10/2024 – 13:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47650

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS.This issue affects WP-WebAuthn: from n/a through 1.3.1.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/wp-webauthn/wordpress-wp-webauthn-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-47350

Título es

CVE-2024-47350

Dom, 06/10/2024 – 13:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47350

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection.This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

9.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/vulnerability/yith-woocommerce-ajax-search/wordpress-yith-woocommerce-ajax-search-plugin-2-8-0-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-47338

Título es

CVE-2024-47338

Dom, 06/10/2024 – 13:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47338

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection.This issue affects WPExperts Square For GiveWP: from n/a through 1.3.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/wpexperts-square-for-give/wordpress-wpexperts-square-for-givewp-plugin-1-3-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-45252

Título es

CVE-2024-45252

Dom, 06/10/2024 – 13:15

Tipo

CWE-78

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-45252

Descripción en

Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://www.gov.il/en/Departments/faq/cve_advisories

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-47363

Título es

CVE-2024-47363

Dom, 06/10/2024 – 10:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47363

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.4.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/blockspare/wordpress-blockspare-plugin-3-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-47360

Título es

CVE-2024-47360

Dom, 06/10/2024 – 10:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47360

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Booking Algorithms BA Book Everything allows Reflected XSS.This issue affects BA Book Everything: from n/a through 1.6.20.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/ba-book-everything/wordpress-ba-book-everything-plugin-1-6-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-47357

Título es

CVE-2024-47357

Dom, 06/10/2024 – 10:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47357

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.12.0.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-12-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-47368

Título es

CVE-2024-47368

Dom, 06/10/2024 – 10:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47368

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/premium-blocks-for-gutenberg/wordpress-premium-blocks-plugin-2-1-33-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-47367

Título es

CVE-2024-47367

Dom, 06/10/2024 – 10:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47367

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.13.0.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-plugin-4-13-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

6 Oct 2024

CVE-2024-47366

Título es

CVE-2024-47366

Dom, 06/10/2024 – 10:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-47366

Descripción en

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.6.

06/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

Archivos mensuales: octubre 2024