CVE-2025-31625

CVE-2025-31625

Título es
CVE-2025-31625

Lun, 31/03/2025 – 13:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-31625

Descripción en
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence allows Stored XSS. This issue affects Useinfluence: from n/a through 1.0.8.

31/03/2025
31/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)
7.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH

Referencias

  • https://patchstack.com/database/wordpress/plugin/useinfluence/vulnerability/wordpress-useinfluence-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31624

    CVE-2025-31624

    Título es
    CVE-2025-31624

    Lun, 31/03/2025 – 13:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31624

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LABCAT Processing Projects allows DOM-Based XSS. This issue affects Processing Projects: from n/a through 1.0.2.

    31/03/2025
    31/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/processing-projects/vulnerability/wordpress-processing-projects-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31623

    CVE-2025-31623

    Título es
    CVE-2025-31623

    Lun, 31/03/2025 – 13:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31623

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1.

    31/03/2025
    31/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/richtexteditor/vulnerability/wordpress-rich-text-editor-plugin-1-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31621

    CVE-2025-31621

    Título es
    CVE-2025-31621

    Lun, 31/03/2025 – 13:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31621

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in davidpaulsson byBrick Accordion allows Stored XSS. This issue affects byBrick Accordion: from n/a through 1.0.

    31/03/2025
    31/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/bybrick-accordion/vulnerability/wordpress-bybrick-accordion-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31620

    CVE-2025-31620

    Título es
    CVE-2025-31620

    Lun, 31/03/2025 – 13:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31620

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carperfer CoverManager allows Stored XSS. This issue affects CoverManager: from n/a through 0.0.1.

    31/03/2025
    31/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/covermanager/vulnerability/wordpress-covermanager-plugin-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31618

    CVE-2025-31618

    Título es
    CVE-2025-31618

    Lun, 31/03/2025 – 13:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31618

    Descripción en
    Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.9.

    31/03/2025
    31/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/connector-civicrm-mcrestface/vulnerability/wordpress-connector-to-civicrm-with-civimcrestface-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31629

    CVE-2025-31629

    Título es
    CVE-2025-31629

    Lun, 31/03/2025 – 13:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31629

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Allred Infusionsoft Web Form JavaScript allows Stored XSS. This issue affects Infusionsoft Web Form JavaScript: from n/a through 1.1.1.

    31/03/2025
    31/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/infusionsoft-web-form-javascript/vulnerability/wordpress-infusionsoft-web-form-javascript-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31627

    CVE-2025-31627

    Título es
    CVE-2025-31627

    Lun, 31/03/2025 – 13:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31627

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.24.

    31/03/2025
    31/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.90

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/media-library-assistant/vulnerability/wordpress-media-library-assistant-plugin-3-24-stored-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-23995

    CVE-2025-23995

    Título es
    CVE-2025-23995

    Lun, 31/03/2025 – 11:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-23995

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS.This issue affects Tantyyellow: from n/a through 1.0.0.5.

    31/03/2025
    31/03/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/theme/tantyyellow/vulnerability/wordpress-tantyyellow-theme-1-0-0-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-3021

    CVE-2025-3021

    Título es
    CVE-2025-3021

    Lun, 31/03/2025 – 11:15

    Tipo
    CWE-22

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3021

    Descripción en
    Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint.

    31/03/2025
    31/03/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    8.70

    Gravedad 4.0 txt
    HIGH

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-e-management-e-solutions

    • Enviar en el boletín
    Off