enero 2025 - Página 63 de 167

21 Ene 2025

CVE-2025-22735

Título es

CVE-2025-22735

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22735

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups allows Reflected XSS. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.4.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/tag-groups/vulnerability/wordpress-tag-cloud-plugin-tag-groups-plugin-2-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-22733

Título es

CVE-2025-22733

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22733

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPHocus My auctions allegro allows Reflected XSS. This issue affects My auctions allegro: from n/a through 3.6.18.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/my-auctions-allegro-free-edition/vulnerability/wordpress-my-auctions-allegro-plugin-3-6-18-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-22732

Título es

CVE-2025-22732

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22732

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Admiral Ad Blocking Detector allows Stored XSS. This issue affects Ad Blocking Detector: from n/a through 3.6.0.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/ad-blocking-detector/vulnerability/wordpress-ad-blocking-detector-plugin-3-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-22727

Título es

CVE-2025-22727

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22727

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS. This issue affects MailChimp Subscribe Forms : from n/a through 4.1.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/mailchimp-subscribe-sm/vulnerability/wordpress-mailchimp-subscribe-form-plugin-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-22723

Título es

CVE-2025-22723

Mar, 21/01/2025 – 14:15

Tipo

CWE-434

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22723

Descripción en

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Upload a Web Shell to a Web Server. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.7.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

9.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/vulnerability/wordpress-barcode-scanner-and-inventory-manager-plugin-1-6-7-arbitrary-file-upload-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-24001

Título es

CVE-2025-24001

Mar, 21/01/2025 – 14:15

Tipo

CWE-352

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-24001

Descripción en

Cross-Site Request Forgery (CSRF) vulnerability in PPO Việt Nam (ppo.vn) PPO Call To Actions allows Cross Site Request Forgery. This issue affects PPO Call To Actions: from n/a through 0.1.3.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/ppo-call-to-actions/vulnerability/wordpress-ppo-call-to-actions-plugin-0-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-23998

Título es

CVE-2025-23998

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-23998

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rara Theme UltraLight allows Reflected XSS. This issue affects UltraLight: from n/a through 1.2.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/theme/the-ultralight/vulnerability/wordpress-ultralight-theme-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-23997

Título es

CVE-2025-23997

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-23997

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dev@tamara.co Tamara Checkout allows Stored XSS. This issue affects Tamara Checkout: from n/a through 1.9.8.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/tamara-checkout/vulnerability/wordpress-tamara-checkout-plugin-1-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2025-22825

Título es

CVE-2025-22825

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-22825

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Desk Flexible PDF Coupons allows Stored XSS. This issue affects Flexible PDF Coupons: from n/a through n/a.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://patchstack.com/database/wordpress/plugin/flexible-coupons/vulnerability/wordpress-flexible-pdf-coupons-plugin-1-10-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

21 Ene 2025

CVE-2024-49700

Título es

CVE-2024-49700

Mar, 21/01/2025 – 14:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-49700

Descripción en

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ARPrice allows Reflected XSS. This issue affects ARPrice: from n/a through 4.0.3.

21/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín

Off

Archivos mensuales: enero 2025