Seguridad WordPress

Base de datos de vulnerabilidades

Fuente base: WPScan. Cada ficha puede incluir enriquecimiento editorial con IA para contexto técnico, impacto y mitigación.

Buscar

Tipo

Severidad

39.461 vulnerabilidades

wordpress

378

plugin

36132

theme

2951

MEDIUM CVSS 4.3

PLUGIN rce CVE-2025-48284

Japanized For WooCommerce <= 2.6.40 - Cross-Site Request Forgery

woocommerce-for-japan

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin 'Japanized For WooCommerce' en versiones hasta la 2.6.40. Est…

MEDIUM CVSS 4.3

PLUGIN csrf CVE-2025-48259

WP Mapa Politico España <= 3.8.0 - Cross-Site Request Forgery

wp-mapa-politico-spain

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin WP Mapa Político España, que afecta a las versiones hasta la …

MEDIUM CVSS 4.3

PLUGIN rce CVE-2025-48265

Year Make Model Search for WooCommerce <= 1.0.11 - Cross-Site Request Forgery

ymm-search

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el plugin 'Year Make Model Search for WooCommerce' en versiones hasta l…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48254

Change Add to Cart Button Text for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

add-to-cart-button-labels-for-woocommerce

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo XSS almacenado en el plugin 'Change Add to Cart Button Text for WooCommerce' en versiones anteriores a la 2.…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48253

Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

amount-left-free-shipping-woocommerce

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin 'Free Shipping Bar: Amount Left for Free Shipping for WooCommerce' e…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48252

Back Button Widget <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

back-button-widget

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin Back Button Widget, afectando a versiones hasta la 1.6.8. Esta falla…

MEDIUM CVSS 6.1

THEME xss CVE-2025-31054

Bloggie <= 2.0.8 - Unauthenticated Stored Cross-Site Scripting

bloggie

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) no autenticado en el tema Bloggie, que afecta a las versiones hasta la 2.0.8. Est…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48236

bunny.net <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

bunnycdn

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado en el plugin bunny.net, afectando a versiones anteriores a 2.3.1. Esta…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48240

Cost of Goods for WooCommerce <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

cost-of-goods-for-woocommerce

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin 'Cost of Goods for WooCommerce' en versiones anteriores a la 3.7.1. …

MEDIUM CVSS 4.4

PLUGIN xss CVE-2025-48277

Cost Calculator Builder <= 3.2.74 - Authenticated (Administrator+) Stored Cross-Site Scripting

cost-calculator-builder

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin Cost Calculator Builder en versiones hasta 3.2.74. Este fallo permit…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48251

Additional Custom Emails & Recipients for WooCommerce <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

custom-emails-for-woocommerce

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin 'Additional Custom Emails & Recipients for WooCommerce' en versiones…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48263

MultiVendorX <= 4.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

dc-woocommerce-multi-vendor

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin MultiVendorX, afectando a versiones hasta la 4.2.22. Esta vulnerabil…

Base de datos de vulnerabilidades

Japanized For WooCommerce <= 2.6.40 - Cross-Site Request Forgery

WP Mapa Politico España <= 3.8.0 - Cross-Site Request Forgery

Year Make Model Search for WooCommerce <= 1.0.11 - Cross-Site Request Forgery

Change Add to Cart Button Text for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Free Shipping Bar: Amount Left for Free Shipping for WooCommerce <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Back Button Widget <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Bloggie <= 2.0.8 - Unauthenticated Stored Cross-Site Scripting

bunny.net <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Cost of Goods for WooCommerce <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Cost Calculator Builder <= 3.2.74 - Authenticated (Administrator+) Stored Cross-Site Scripting

Additional Custom Emails &amp; Recipients for WooCommerce <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

MultiVendorX <= 4.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

Additional Custom Emails & Recipients for WooCommerce <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting