diciembre 2024 - Página 153 de 153

1 Dic 2024

CVE-2024-53747

Título es

CVE-2024-53747

Dom, 01/12/2024 – 22:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53747

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NuttTaro Video Player for WPBakery allows Stored XSS.This issue affects Video Player for WPBakery: from n/a through 1.0.1.

01/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/video-player-for-wpbakery/vulnerability/wordpress-video-player-for-wpbakery-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

1 Dic 2024

CVE-2024-53746

Título es

CVE-2024-53746

Dom, 01/12/2024 – 22:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53746

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Elementor Button Plus allows Stored XSS.This issue affects Elementor Button Plus: from n/a through 1.3.3.

01/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/fd-elementor-button-plus/vulnerability/wordpress-elementor-button-plus-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

1 Dic 2024

CVE-2024-53745

Título es

CVE-2024-53745

Dom, 01/12/2024 – 22:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53745

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 코스모스팜 – Cosmosfarm 소셜 공유 버튼 By 코스모스팜 allows Stored XSS.This issue affects 소셜 공유 버튼 By 코스모스팜: from n/a through 1.9.

01/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/cosmosfarm-share-buttons/vulnerability/wordpress-social-sharing-buttons-by-cosmos-farm-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

1 Dic 2024

CVE-2024-53744

Título es

CVE-2024-53744

Dom, 01/12/2024 – 22:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53744

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Skybootstrap Elementor Image Gallery Plugin allows Stored XSS.This issue affects Elementor Image Gallery Plugin: from n/a through 1.0.3.

01/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/skyboot-portfolio-gallery/vulnerability/wordpress-elementor-image-gallery-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

1 Dic 2024

CVE-2024-53743

Título es

CVE-2024-53743

Dom, 01/12/2024 – 22:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53743

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Countdown Timer for Elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through 1.3.6.

01/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/countdown-timer-for-elementor/vulnerability/wordpress-countdown-timer-for-elementor-plugin-1-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

1 Dic 2024

CVE-2024-53752

Título es

CVE-2024-53752

Dom, 01/12/2024 – 22:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53752

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation allows Stored XSS.This issue affects Stripe Donation: from n/a through 1.2.5.

01/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/bin-stripe-donation/vulnerability/wordpress-stripe-donation-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

1 Dic 2024

CVE-2024-53750

Título es

CVE-2024-53750

Dom, 01/12/2024 – 22:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53750

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.

01/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/paypal-responder/vulnerability/wordpress-paypal-responder-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

1 Dic 2024

CVE-2024-53749

Título es

CVE-2024-53749

Dom, 01/12/2024 – 22:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-53749

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Stored XSS.This issue affects Post Carousel Slider for Elementor: from n/a through 1.4.0.

01/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/post-carousel-slider-for-elementor/vulnerability/wordpress-post-carousel-slider-for-elementor-plugin-1-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

1 Dic 2024

CVE-2024-12007

Título es

CVE-2024-12007

Dom, 01/12/2024 – 23:15

Tipo

CWE-74

Gravedad v2.0

6.50

Gravedad 2.0 Txt

MEDIUM

Título en

CVE-2024-12007

Descripción en

A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

02/12/2024

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vector CVSS:2.0

AV:N/AC:L/Au:S/C:P/I:P/A:P

Gravedad 4.0

5.30

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)

6.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM