Base de Datos de Vulnerabilidades de WordPress

Plugin Importador Ultimate Tag Warrior de WordPress <= 0.2 - Vulnerabilidad de Cross-Site Request Forgery

WordPress LWSCache plugin <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function vulnerability

WordPress List Subpages plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter vulnerability

Plugin WordPress OSM Map Widget para Elementor <= 1.3.0 - Vulnerabilidad de Cross-Site Scripting almacenada a través de la URL del botón (Contribuyente+)

Complemento de eventos de WordPress para Elementor <= 2.2.9 - Autenticado (Contribuyente+) XSS almacenado a través de la vulnerabilidad de los widgets Typewriter y Countdown

WordPress RingCentral Communications plugin 1.5-1.6.8 - Missing Server‑Side Verification to Authentication Bypass via ringcentral_admin_login_2fa_verify Function

WordPress Unlimited Elements For Elementor plugin <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Video Share VOD – Turnkey Video Site Builder Script plugin <= 2.7.6 - Cross-Site Request Forgery to Command Injection vulnerability

WordPress Simple Download Monitor plugin <= 3.9.33 – Authenticated (Contributor+) SQL Injection via order parameter in Log Export functionality vulnerability

WordPress Dynamic AJAX Product Filters for WooCommerce plugin <= 1.3.7 - Vulnerabilidad de Cross-Site Scripting almacenado autenticado (Contributor+) a través del parámetro name