CVE-2025-28940

Title (es)
CVE-2025-28940

Tue, 11/03/2025 – 21:15

Type
CWE-352

Severity 2.0 (text)
Pending analysis

Title (en)

CVE-2025-28940

Description (en)
Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0.

11/03/2025

11/03/2025

CVSS:3.1 vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity 3.1 (CVSS 3.1 Base Score)
4.30

Severity 3.1 (text)
MEDIUM

References


  • https://patchstack.com/database/wordpress/plugin/backtotop/vulnerability/wordpress-back-to-top-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

    CVE-2025-28938

    Title (es)
    CVE-2025-28938

    Tue, 11/03/2025 – 21:15

    Type
    CWE-862

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-28938

    Description (en)
    Missing Authorization vulnerability in Bjoern WP Performance Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Performance Pack: from n/a through 2.5.3.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    4.30

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/wp-performance-pack/vulnerability/wordpress-wp-performance-pack-plugin-2-5-3-broken-access-control-vulnerability?_s_id=cve

    CVE-2025-28937

    Title (es)
    CVE-2025-28937

    Tue, 11/03/2025 – 21:15

    Type
    CWE-79

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-28937

    Description (en)
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search allows Stored XSS. This issue affects Lava Ajax Search: from n/a through 1.1.9.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    5.90

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/lava-ajax-search/vulnerability/wordpress-lava-ajax-search-plugin-1-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve

    CVE-2025-28936

    Title (es)
    CVE-2025-28936

    Tue, 11/03/2025 – 21:15

    Type
    CWE-79

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-28936

    Description (en)
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sakurapixel Lunar allows Stored XSS. This issue affects Lunar: from n/a through 1.3.0.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    5.90

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/lunar-sell-photos-online/vulnerability/wordpress-lunar-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    CVE-2025-28933

    Title (es)
    CVE-2025-28933

    Tue, 11/03/2025 – 21:15

    Type
    CWE-352

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-28933

    Description (en)
    Cross-Site Request Forgery (CSRF) vulnerability in maxfoundry MaxA/B allows Stored XSS. This issue affects MaxA/B: from n/a through 2.2.2.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    7.10

    Severity 3.1 (text)
    HIGH

    References


  • https://patchstack.com/database/wordpress/plugin/maxab/vulnerability/wordpress-maxa-b-plugin-2-2-2-csrf-to-stored-xss-vulnerability?_s_id=cve

    CVE-2025-28932

    Title (es)
    CVE-2025-28932

    Tue, 11/03/2025 – 21:15

    Type
    CWE-352

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-28932

    Description (en)
    Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code allows Stored XSS. This issue affects Insert Code: from n/a through 2.4.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    7.10

    Severity 3.1 (text)
    HIGH

    References


  • https://patchstack.com/database/wordpress/plugin/insert-code/vulnerability/wordpress-insert-code-plugin-2-4-csrf-to-stored-xss-vulnerability?_s_id=cve

    CVE-2025-28931

    Title (es)
    CVE-2025-28931

    Tue, 11/03/2025 – 21:15

    Type
    CWE-352

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-28931

    Description (en)
    Cross-Site Request Forgery (CSRF) vulnerability in DevriX Hashtags allows Stored XSS. This issue affects Hashtags: from n/a through 0.3.2.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    7.10

    Severity 3.1 (text)
    HIGH

    References


  • https://patchstack.com/database/wordpress/plugin/wp-hashtags/vulnerability/wordpress-wordpress-hashtags-plugin-0-3-2-csrf-to-stored-xss-vulnerability?_s_id=cve

    CVE-2025-2012

    Title (es)
    CVE-2025-2012

    Tue, 11/03/2025 – 21:15

    Type
    CWE-125

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-2012

    Description (en)
    Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25185.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Severity 3.1 (CVSS 3.1 Base Score)
    7.80

    Severity 3.1 (text)
    HIGH

    References


  • https://www.zerodayinitiative.com/advisories/ZDI-25-119/

    CVE-2025-28943

    Title (es)
    CVE-2025-28943

    Tue, 11/03/2025 – 21:15

    Type
    CWE-79

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-28943

    Description (en)
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mylo2h2s DP ALTerminator – Missing ALT manager allows Stored XSS. This issue affects DP ALTerminator – Missing ALT manager: from n/a through 1.0.2.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

    Severity 3.1 (CVSS 3.1 Base Score)
    5.90

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/dp-alterminator-missing-alt-manager/vulnerability/wordpress-dp-alterminator-missing-alt-manager-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve

    CVE-2025-28941

    Title (es)
    CVE-2025-28941

    Tue, 11/03/2025 – 21:15

    Type
    CWE-352

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-28941

    Description (en)
    Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4.

    11/03/2025

    11/03/2025

    CVSS:3.1 vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    4.30

    Severity 3.1 (text)
    MEDIUM

    References


  • https://patchstack.com/database/wordpress/plugin/spam-byebye/vulnerability/wordpress-spam-bybye-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve