enero 2025 - Página 137 de 167

7 Ene 2025

CVE-2025-22319

Título es

CVE-2025-22319

Mar, 07/01/2025 – 17:15

Tipo

CWE-862

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22319

Descripción en

Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/mashsharer/vulnerability/wordpress-mashshare-plugin-4-0-47-broken-access-control-vulnerability?_s_id=cve

Enviar en el boletín

Off

7 Ene 2025

CVE-2025-22306

Título es

CVE-2025-22306

Mar, 07/01/2025 – 17:15

Tipo

CWE-538

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22306

Descripción en

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-7-7-sensitive-data-exposure-vulnerability?_s_id=cve

Enviar en el boletín

Off

7 Ene 2025

CVE-2025-22296

Título es

CVE-2025-22296

Mar, 07/01/2025 – 17:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22296

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements.This issue affects Hash Elements: from n/a through 1.4.9.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/hash-elements/vulnerability/wordpress-hash-elements-plugin-1-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

7 Ene 2025

CVE-2025-22500

Título es

CVE-2025-22500

Mar, 07/01/2025 – 17:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22500

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/alpha-price-table-for-elementor/vulnerability/wordpress-alpha-price-table-for-elementor-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

7 Ene 2025

CVE-2025-22365

Título es

CVE-2025-22365

Mar, 07/01/2025 – 17:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22365

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/emc2-alert-boxes/vulnerability/wordpress-emc2-alert-boxes-plugin-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

7 Ene 2025

CVE-2025-22363

Título es

CVE-2025-22363

Mar, 07/01/2025 – 17:15

Tipo

CWE-862

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22363

Descripción en

Missing Authorization vulnerability in ORION Allada T-shirt Designer for Woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through 1.1.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/allada-tshirt-designer-for-woocommerce/vulnerability/wordpress-allada-t-shirt-designer-for-woocommerce-plugin-1-1-broken-access-control-vulnerability?_s_id=cve

Enviar en el boletín

Off

7 Ene 2025

CVE-2025-22354

Título es

CVE-2025-22354

Mar, 07/01/2025 – 17:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22354

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/theme/digi-store/vulnerability/wordpress-digi-store-theme-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

7 Ene 2025

CVE-2025-22350

Título es

CVE-2025-22350

Mar, 07/01/2025 – 17:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22350

Descripción en

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/indeed-learning-pro/vulnerability/wordpress-indeed-ultimate-learning-pro-plugin-3-9-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín

Off

7 Ene 2025

CVE-2025-22621

Título es

CVE-2025-22621

Mar, 07/01/2025 – 17:15

Tipo

CWE-269

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22621

Descripción en

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the “admin“ Splunk roles.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

6.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://advisory.splunk.com/advisories/SVD-2025-0101

Enviar en el boletín

Off

7 Ene 2025

CVE-2024-52367

Título es

CVE-2024-52367

Mar, 07/01/2025 – 12:15

Tipo

CWE-497

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-52367

Descripción es

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1 y 1.0.3 podría revelar información confidencial del sistema a un actor no autorizado que podría utilizarse en futuros ataques contra el sistema.

Descripción en

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://www.ibm.com/support/pages/node/7180303

Enviar en el boletín

Off

Archivos mensuales: enero 2025