CVE-2025-3070

CVE-2025-3070

Título es
CVE-2025-3070

Mié, 02/04/2025 – 01:15

Tipo
CWE-20

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-3070

Descripción en
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

02/04/2025
02/04/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html

  • https://issues.chromium.org/issues/40086360

    • Enviar en el boletín
    Off

    CVE-2025-3068

    CVE-2025-3068

    Título es
    CVE-2025-3068

    Mié, 02/04/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3068

    Descripción en
    Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

    02/04/2025
    02/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html

  • https://issues.chromium.org/issues/401823929

    • Enviar en el boletín
    Off

    CVE-2025-3069

    CVE-2025-3069

    Título es
    CVE-2025-3069

    Mié, 02/04/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3069

    Descripción en
    Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

    02/04/2025
    02/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html

  • https://issues.chromium.org/issues/40060076

    • Enviar en el boletín
    Off

    CVE-2025-3067

    CVE-2025-3067

    Título es
    CVE-2025-3067

    Mié, 02/04/2025 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3067

    Descripción en
    Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)

    02/04/2025
    02/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html

  • https://issues.chromium.org/issues/376491759

    • Enviar en el boletín
    Off

    CVE-2025-31628

    CVE-2025-31628

    Título es
    CVE-2025-31628

    Mar, 01/04/2025 – 21:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31628

    Descripción en
    Missing Authorization vulnerability in SlicedInvoices Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.4.

    01/04/2025
    01/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/sliced-invoices/vulnerability/wordpress-sliced-invoices-plugin-3-9-4-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31619

    CVE-2025-31619

    Título es
    CVE-2025-31619

    Mar, 01/04/2025 – 21:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31619

    Descripción en
    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3.

    01/04/2025
    01/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/actionwear-products-sync/vulnerability/wordpress-actionwear-products-sync-plugin-2-3-3-sql-injection-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31612

    CVE-2025-31612

    Título es
    CVE-2025-31612

    Mar, 01/04/2025 – 21:15

    Tipo
    CWE-502

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31612

    Descripción en
    Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll allows Object Injection. This issue affects CBX Poll: from n/a through 1.2.7.

    01/04/2025
    01/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    9.80

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://patchstack.com/database/wordpress/plugin/cbxpoll/vulnerability/wordpress-cbx-poll-plugin-1-2-7-php-object-injection-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31594

    CVE-2025-31594

    Título es
    CVE-2025-31594

    Mar, 01/04/2025 – 21:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31594

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4.

    01/04/2025
    01/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/auto-scroll-for-reading/vulnerability/wordpress-auto-scroll-for-reading-plugin-1-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31753

    CVE-2025-31753

    Título es
    CVE-2025-31753

    Mar, 01/04/2025 – 21:15

    Tipo
    CWE-352

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31753

    Descripción en
    Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advanced Speed Increaser. This issue affects Advanced Speed Increaser: from n/a through 2.2.1.

    01/04/2025
    01/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/advanced-speed-increaser/vulnerability/wordpress-advanced-speed-increaser-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-31889

    CVE-2025-31889

    Título es
    CVE-2025-31889

    Mar, 01/04/2025 – 21:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31889

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor. This issue affects Extensions for Elementor: from n/a through 2.0.40.

    01/04/2025
    01/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/extensions-for-elementor/vulnerability/wordpress-extensions-for-elementor-plugin-2-0-40-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off