marzo 2025 - Página 174 de 185

3 Mar 2025

CVE-2025-27269

Título es
CVE-2025-27269

Lun, 03/03/2025 – 14:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27269

Descripción en
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound .htaccess Login block allows Reflected XSS. This issue affects .htaccess Login block: from n/a through 0.9a.

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/htaccess-login-block/vulnerability/wordpress-htaccess-login-block-plugin-0-9a-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-27268

Título es
CVE-2025-27268

Lun, 03/03/2025 – 14:15

Tipo
CWE-89

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27268

Descripción en
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.18.

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
9.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

https://patchstack.com/database/wordpress/plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-worldwide-express-edition-plugin-5-2-18-sql-injection-vulnerability?_s_id=cve

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-27264

Título es
CVE-2025-27264

Lun, 03/03/2025 – 14:15

Tipo
CWE-98

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27264

Descripción en
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Doctor Appointment Booking allows PHP Local File Inclusion. This issue affects Doctor Appointment Booking: from n/a through 1.0.0.

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
7.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/doctor-appointment-booking/vulnerability/wordpress-doctor-appointment-booking-plugin-1-0-0-local-file-inclusion-vulnerability?_s_id=cve

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-27279

Título es
CVE-2025-27279

Lun, 03/03/2025 – 14:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27279

Descripción en
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flashfader allows Reflected XSS. This issue affects Flashfader: from n/a through 1.1.1.

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/flashfader/vulnerability/wordpress-flashfader-plugin-1-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-27278

Título es
CVE-2025-27278

Lun, 03/03/2025 – 14:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27278

Descripción en
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AcuGIS Leaflet Maps allows Reflected XSS. This issue affects AcuGIS Leaflet Maps: from n/a through 5.1.1.0.

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/mapfig-premium-leaflet-map-maker/vulnerability/wordpress-acugis-leaflet-maps-plugin-5-1-1-0-multiple-cross-site-scripting-xss-vulnerabilities?_s_id=cve

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-27275

Título es
CVE-2025-27275

Lun, 03/03/2025 – 14:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-27275

Descripción en
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andrew_fisher WOO Codice Fiscale allows Reflected XSS. This issue affects WOO Codice Fiscale: from n/a through 1.6.3.

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/woo-codice-fiscale/vulnerability/wordpress-woo-codice-fiscale-plugin-1-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín
Off

3 Mar 2025

CVE-2025-23738

Título es
CVE-2025-23738

Lun, 03/03/2025 – 14:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-23738

Descripción en
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ps Ads Pro allows Reflected XSS. This issue affects Ps Ads Pro: from n/a through 1.0.0.

03/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

https://patchstack.com/database/wordpress/plugin/ps-ads-pro/vulnerability/wordpress-ps-ads-pro-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Enviar en el boletín
Off