CVE-2025-1571

CVE-2025-1571

Título es
CVE-2025-1571

Vie, 28/02/2025 – 07:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-1571

Descripción en
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

28/02/2025

28/02/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
6.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias


  • https://plugins.trac.wordpress.org/changeset/3245128/

  • Exclusive Addons for Elementor



  • https://www.wordfence.com/threat-intel/vulnerabilities/id/dd2ec0b3-2784-4506-99f4-05187527fe6d?source=cve

    • Enviar en el boletín
    Off

    CVE-2025-1405

    CVE-2025-1405

    Título es
    CVE-2025-1405

    Vie, 28/02/2025 – 07:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1405

    Descripción en
    The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://plugins.trac.wordpress.org/changeset/3246414/

  • Product Catalog Simple



  • https://www.wordfence.com/threat-intel/vulnerabilities/id/c2ddd9a2-79d7-4f9c-9832-25c3363d3ce9?source=cve

    • Enviar en el boletín
    Off

    CVE-2025-1572

    CVE-2025-1572

    Título es
    CVE-2025-1572

    Vie, 28/02/2025 – 08:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1572

    Descripción en
    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/trunk/app/controllers/KCPatientController.php#L330

  • https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/trunk/app/controllers/KCPatientController.php#L331

  • https://plugins.trac.wordpress.org/changeset/3245759/

  • https://plugins.trac.wordpress.org/changeset/3245759/kivicare-clinic-management-system/trunk/app/controllers/KCPatientController.php

  • KiviCare – Clinic & Patient Management System (EHR)



  • https://www.wordfence.com/threat-intel/vulnerabilities/id/eb6b0c35-b478-4616-a708-1fd243c95c14?source=cve

    • Enviar en el boletín
    Off

    CVE-2024-54173

    CVE-2024-54173

    Título es
    CVE-2024-54173

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-1323

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-54173

    Descripción en
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.ibm.com/support/pages/node/7183370

    • Enviar en el boletín
    Off

    CVE-2025-23225

    CVE-2025-23225

    Título es
    CVE-2025-23225

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-230

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23225

    Descripción en
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.ibm.com/support/pages/node/7183372

    • Enviar en el boletín
    Off

    CVE-2025-0975

    CVE-2025-0975

    Título es
    CVE-2025-0975

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-150

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0975

    Descripción en
    IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias


  • https://www.ibm.com/support/pages/node/7183467

    • Enviar en el boletín
    Off

    CVE-2025-0823

    CVE-2025-0823

    Título es
    CVE-2025-0823

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-0823

    Descripción en
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 and 12.0.0 through 12.0.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.ibm.com/support/pages/node/7183676

    • Enviar en el boletín
    Off

    CVE-2024-56340

    CVE-2024-56340

    Título es
    CVE-2024-56340

    Vie, 28/02/2025 – 03:15

    Tipo
    CWE-23

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56340

    Descripción en
    IBM Cognos Analytics 11.2.0 through 11.2.4 FP5 is vulnerable to local file inclusion vulnerability, allowing an attacker to access sensitive files by inserting path traversal payloads inside the deficon parameter.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://www.ibm.com/support/pages/node/7183676

    • Enviar en el boletín
    Off

    CVE-2025-1744

    CVE-2025-1744

    Título es
    CVE-2025-1744

    Vie, 28/02/2025 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-1744

    Descripción en
    Out-of-bounds Write vulnerability in radareorg radare2 allows

    heap-based buffer over-read or buffer overflow.This issue affects radare2: before

    28/02/2025

    28/02/2025

    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    10.00

    Gravedad 4.0 txt
    CRITICAL

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias


  • https://github.com/radareorg/radare2/pull/23969

    • Enviar en el boletín
    Off

    CVE-2024-13796

    CVE-2024-13796

    Título es
    CVE-2024-13796

    Vie, 28/02/2025 – 05:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-13796

    Descripción en
    The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the /wp-json/post-grid/v2/get_users REST API This makes it possible for unauthenticated attackers to extract sensitive data including including emails and other user data.

    28/02/2025

    28/02/2025

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias


  • https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/functions-rest.php?rev=3242718#L2055

  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3245187%40post-grid&new=3245187%40post-grid

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/0407223a-cd41-43d1-87b0-d6b83b57d4b3?source=cve

    • Enviar en el boletín
    Off