CVE-2025-24597

CVE-2025-24597

Título es
CVE-2025-24597

Vie, 31/01/2025 – 09:15

Tipo
CWE-201

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-24597

Descripción en
Insertion of Sensitive Information Into Sent Data vulnerability in UkrSolution Barcode Generator for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.2.

31/01/2025
31/01/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://patchstack.com/database/wordpress/plugin/embedding-barcodes-into-product-pages-and-orders/vulnerability/wordpress-barcode-generator-for-woocommerce-plugin-2-0-2-sensitive-data-exposure-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-24563

    CVE-2025-24563

    Título es
    CVE-2025-24563

    Vie, 31/01/2025 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24563

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGlow Cleanup – Directory Listing & Classifieds WordPress Plugin allows Reflected XSS. This issue affects Cleanup – Directory Listing & Classifieds WordPress Plugin: from n/a through 1.0.4.

    31/01/2025
    31/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/cleanup-light/vulnerability/wordpress-cleanup-directory-listing-classifieds-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-24749

    CVE-2025-24749

    Título es
    CVE-2025-24749

    Vie, 31/01/2025 – 09:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24749

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.

    31/01/2025
    31/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/ezpz-sp/vulnerability/wordpress-ezpz-saml-sp-single-sign-on-sso-plugin-1-2-5-csrf-to-stored-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-24718

    CVE-2025-24718

    Título es
    CVE-2025-24718

    Vie, 31/01/2025 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24718

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows Reflected XSS. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.1.1.

    31/01/2025
    31/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/activitytime/vulnerability/wordpress-wp-sessions-time-monitoring-full-automatic-plugin-1-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-24710

    CVE-2025-24710

    Título es
    CVE-2025-24710

    Vie, 31/01/2025 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24710

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook allows Reflected XSS. This issue affects Gwolle Guestbook: from n/a through 4.7.1.

    31/01/2025
    31/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/gwolle-gb/vulnerability/wordpress-gwolle-guestbook-plugin-4-7-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-24686

    CVE-2025-24686

    Título es
    CVE-2025-24686

    Vie, 31/01/2025 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24686

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 6.0.3.3.

    31/01/2025
    31/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/custom-registration-form-builder-with-submission-manager/vulnerability/wordpress-registrationmagic-plugin-6-0-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-24635

    CVE-2025-24635

    Título es
    CVE-2025-24635

    Vie, 31/01/2025 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24635

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Reflected XSS. This issue affects Paytm Payment Donation: from n/a through 2.3.1.

    31/01/2025
    31/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/paytm-donation/vulnerability/wordpress-paytm-donation-plugin-plugin-2-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-24632

    CVE-2025-24632

    Título es
    CVE-2025-24632

    Vie, 31/01/2025 – 09:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-24632

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce allows Reflected XSS. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.0.

    31/01/2025
    31/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/advanced-dynamic-pricing-for-woocommerce/vulnerability/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-9-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2024-13463

    CVE-2024-13463

    Título es
    CVE-2024-13463

    Vie, 31/01/2025 – 04:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-13463

    Descripción en
    The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    31/01/2025
    31/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3227873%40seatreg&new=3227873%40seatreg#file1224

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/769bc1fa-4f41-431e-9907-6e03d2c921be?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-47900

    CVE-2024-47900

    Título es
    CVE-2024-47900

    Vie, 31/01/2025 – 04:15

    Tipo
    CWE-823

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-47900

    Descripción en
    Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.

    31/01/2025
    31/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.imaginationtech.com/gpu-driver-vulnerabilities/

    • Enviar en el boletín
    Off