Seguridad WordPress

Base de datos de vulnerabilidades

Fuente base: WPScan. Cada ficha puede incluir enriquecimiento editorial con IA para contexto técnico, impacto y mitigación.

Buscar

Tipo

Severidad

39.461 vulnerabilidades

wordpress

378

plugin

36132

theme

2951

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48249

EAN for WooCommerce <= 5.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

ean-for-woocommerce

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado en el plugin EAN for WooCommerce, afectando a las versiones hasta la 5…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48288

ElementInvader Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

elementinvader-addons-for-elementor

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin ElementInvader Addons for Elementor, que afecta a las versiones hast…

MEDIUM CVSS 4.4

PLUGIN xss CVE-2025-48244

Exclusive Addons Elementor <= 2.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

exclusive-addons-for-elementor

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin Exclusive Addons for Elementor, afectando a versiones hasta la 2.7.9…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48258

Mega Menu Block <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

getwid-megamenu

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin Mega Menu Block en versiones hasta la 1.0.6. Este fallo permite a us…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48248

Sitewide Discount for WooCommerce: Apply Discount to All Products <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

global-shop-discount-for-woocommerce

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin 'Sitewide Discount for WooCommerce' en versiones hasta la 2.2.1. Est…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48256

Import Social Events <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

import-facebook-events

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin 'Import Social Events' en versiones hasta la 1.8.5. Esta falla permi…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48239

Product Notes Tab & Private Admin Notes for WooCommerce <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

product-notes-for-woocommerce

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin 'Product Notes Tab & Private Admin Notes for WooCommerce' en version…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48266

Active Products Tables for WooCommerce <= 1.0.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

profit-products-tables-for-woocommerce

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin 'Active Products Tables for WooCommerce' en versiones hasta la 1.0.6…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48270

SKT Blocks <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

skt-blocks

Publicado: 19/05/2025

La vulnerabilidad identificada en el plugin SKT Blocks, que afecta a versiones hasta la 2.2, permite la ejecución de scripts maliciosos mediante Cross-Sit…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48234

Ultimate Blocks <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

ultimate-blocks

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin Ultimate Blocks, que afecta a las versiones hasta la 3.3.0. Esta vul…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48250

Coupons & Add to Cart by URL Links for WooCommerce <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

url-coupons-for-woocommerce-by-algoritmika

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin 'Coupons & Add to Cart by URL Links for WooCommerce' en versiones ha…

MEDIUM CVSS 6.4

PLUGIN xss CVE-2025-48276

Visual Composer Website Builder <= 45.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

visualcomposer

Publicado: 19/05/2025

Se ha identificado una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin Visual Composer Website Builder, que afecta a las versiones hasta la…

Base de datos de vulnerabilidades

EAN for WooCommerce <= 5.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

ElementInvader Addons for Elementor <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Exclusive Addons Elementor <= 2.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mega Menu Block <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sitewide Discount for WooCommerce: Apply Discount to All Products <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Import Social Events <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Product Notes Tab & Private Admin Notes for WooCommerce <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Active Products Tables for WooCommerce <= 1.0.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

SKT Blocks <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Ultimate Blocks <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Coupons &amp; Add to Cart by URL Links for WooCommerce <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Visual Composer Website Builder <= 45.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Coupons & Add to Cart by URL Links for WooCommerce <= 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting