4:["$","div",null,{"className":"wrap","children":[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"CollectionPage\",\"name\":\"Vulnerabilidades en ThemeHunk\",\"url\":\"https://vexday.io/es/vendor/ThemeHunk\",\"isPartOf\":{\"@type\":\"WebSite\",\"name\":\"Vexday\",\"url\":\"https://vexday.io\"},\"mainEntity\":{\"@type\":\"ItemList\",\"numberOfItems\":32},\"breadcrumb\":{\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Inicio\",\"item\":\"https://vexday.io/es\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tecnologías\",\"item\":\"https://vexday.io/es/vendors\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ThemeHunk\"}]}}"}}],["$","nav",null,{"className":"crumbs","children":[["$","$La",null,{"href":"/es","children":"Inicio"}]," ",["$","span",null,{"children":"/"}]," ",["$","$La",null,{"href":"/es/vendors","children":"Tecnologías"}]," ",["$","span",null,{"children":"/"}]," ",["$","b",null,{"children":"ThemeHunk"}]]}],["$","div",null,{"className":"sec-head","style":{"marginTop":18},"children":[["$","h1",null,{"style":{"fontSize":"1.7rem","margin":0,"fontFamily":"var(--font-display)","fontWeight":700},"children":["Vulnerabilidades en"," ",["$","span",null,{"style":{"color":"var(--orange)"},"children":"ThemeHunk"}]]}],["$","span",null,{"className":"t","children":["32"," ","resultados"]}]]}],["$","div",null,{"className":"list","children":[["$","$La","CVE-2026-1454",{"className":"item","href":"/es/cve/CVE-2026-1454","children":[["$","span",null,{"className":"cid","children":"CVE-2026-1454"}],["$","span",null,{"className":"sevtag HIGH","children":"HIGH"}],["$","span",null,{"className":"tt2","children":"Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-4420",{"className":"item","href":"/es/cve/CVE-2025-4420","children":[["$","span",null,{"className":"cid","children":"CVE-2025-4420"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-9378",{"className":"item","href":"/es/cve/CVE-2025-9378","children":[["$","span",null,{"className":"cid","children":"CVE-2025-9378"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Vayu Blocks <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-30990",{"className":"item","href":"/es/cve/CVE-2025-30990","children":[["$","span",null,{"className":"cid","children":"CVE-2025-30990"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress ThemeHunk plugin <= 1.2.0 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-22644",{"className":"item","href":"/es/cve/CVE-2025-22644","children":[["$","span",null,{"className":"cid","children":"CVE-2025-22644"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-12040",{"className":"item","href":"/es/cve/CVE-2025-12040","children":[["$","span",null,{"className":"cid","children":"CVE-2025-12040"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2023-28688",{"className":"item","href":"/es/cve/CVE-2023-28688","children":[["$","span",null,{"className":"cid","children":"CVE-2023-28688"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress TH Variation Swatches plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2024-13511",{"className":"item","href":"/es/cve/CVE-2024-13511","children":[["$","span",null,{"className":"cid","children":"CVE-2024-13511"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Variation Swatches for WooCommerce 1.0.8 - 1.3.2 - Cross-Site Request Forgery to Plugin Settings Reset"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2023-25969",{"className":"item","href":"/es/cve/CVE-2023-25969","children":[["$","span",null,{"className":"cid","children":"CVE-2023-25969"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-69344",{"className":"item","href":"/es/cve/CVE-2025-69344","children":[["$","span",null,{"className":"cid","children":"CVE-2025-69344"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2026-25438",{"className":"item","href":"/es/cve/CVE-2026-25438","children":[["$","span",null,{"className":"cid","children":"CVE-2026-25438"}],["$","span",null,{"className":"sevtag HIGH","children":"HIGH"}],["$","span",null,{"className":"tt2","children":"WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-32532",{"className":"item","href":"/es/cve/CVE-2026-32532","children":[["$","span",null,{"className":"cid","children":"CVE-2026-32532"}],["$","span",null,{"className":"sevtag HIGH","children":"HIGH"}],["$","span",null,{"className":"tt2","children":"WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}]]}],["$","div",null,{"className":"pagination","children":[["$","$La",null,{"href":"?page=1","children":"← anterior"}],["$","span",null,{"className":"pgnum","children":["página"," ","2"," / ","2"]}],["$","span",null,{"className":"off","children":"siguiente →"}]]}]]}]