4:["$","div",null,{"className":"wrap","children":[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"CollectionPage\",\"name\":\"Vulnerabilidades en bplugins\",\"url\":\"https://vexday.io/es/vendor/bplugins\",\"isPartOf\":{\"@type\":\"WebSite\",\"name\":\"Vexday\",\"url\":\"https://vexday.io\"},\"mainEntity\":{\"@type\":\"ItemList\",\"numberOfItems\":79},\"breadcrumb\":{\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Inicio\",\"item\":\"https://vexday.io/es\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tecnologías\",\"item\":\"https://vexday.io/es/vendors\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"bplugins\"}]}}"}}],["$","nav",null,{"className":"crumbs","children":[["$","$La",null,{"href":"/es","children":"Inicio"}]," ",["$","span",null,{"children":"/"}]," ",["$","$La",null,{"href":"/es/vendors","children":"Tecnologías"}]," ",["$","span",null,{"children":"/"}]," ",["$","b",null,{"children":"bplugins"}]]}],["$","div",null,{"className":"sec-head","style":{"marginTop":18},"children":[["$","h1",null,{"style":{"fontSize":"1.7rem","margin":0,"fontFamily":"var(--font-display)","fontWeight":700},"children":["Vulnerabilidades en"," ",["$","span",null,{"style":{"color":"var(--orange)"},"children":"bplugins"}]]}],["$","span",null,{"className":"t","children":["79"," ","resultados"]}]]}],["$","div",null,{"className":"list","children":[["$","$La","CVE-2026-11402",{"className":"item","href":"/es/cve/CVE-2026-11402","children":[["$","span",null,{"className":"cid","children":"CVE-2026-11402"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-22815",{"className":"item","href":"/es/cve/CVE-2025-22815","children":[["$","span",null,{"className":"cid","children":"CVE-2025-22815"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-54734",{"className":"item","href":"/es/cve/CVE-2025-54734","children":[["$","span",null,{"className":"cid","children":"CVE-2025-54734"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-54708",{"className":"item","href":"/es/cve/CVE-2025-54708","children":[["$","span",null,{"className":"cid","children":"CVE-2025-54708"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress B Blocks Plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2026-1389",{"className":"item","href":"/es/cve/CVE-2026-1389","children":[["$","span",null,{"className":"cid","children":"CVE-2026-1389"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-12388",{"className":"item","href":"/es/cve/CVE-2025-12388","children":[["$","span",null,{"className":"cid","children":"CVE-2025-12388"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-13999",{"className":"item","href":"/es/cve/CVE-2025-13999","children":[["$","span",null,{"className":"cid","children":"CVE-2025-13999"}],["$","span",null,{"className":"sevtag HIGH","children":"HIGH"}],["$","span",null,{"className":"tt2","children":"HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-66110",{"className":"item","href":"/es/cve/CVE-2025-66110","children":[["$","span",null,{"className":"cid","children":"CVE-2025-66110"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Tiktok Feed plugin <= 1.0.23 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2026-27416",{"className":"item","href":"/es/cve/CVE-2026-27416","children":[["$","span",null,{"className":"cid","children":"CVE-2026-27416"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2026-1228",{"className":"item","href":"/es/cve/CVE-2026-1228","children":[["$","span",null,{"className":"cid","children":"CVE-2026-1228"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-54051",{"className":"item","href":"/es/cve/CVE-2025-54051","children":[["$","span",null,{"className":"cid","children":"CVE-2025-54051"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress LightBox Block plugin <= 1.1.30 - Cross Site Scripting (XSS) Vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-12376",{"className":"item","href":"/es/cve/CVE-2025-12376","children":[["$","span",null,{"className":"cid","children":"CVE-2025-12376"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Icon List Block – Add Icon-Based Lists with Custom Styles <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2026-32359",{"className":"item","href":"/es/cve/CVE-2026-32359","children":[["$","span",null,{"className":"cid","children":"CVE-2026-32359"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2025-27326",{"className":"item","href":"/es/cve/CVE-2025-27326","children":[["$","span",null,{"className":"cid","children":"CVE-2025-27326"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Video Gallery Block plugin <= 1.1.0 - Cross Site Scripting (XSS) Vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2026-24520",{"className":"item","href":"/es/cve/CVE-2026-24520","children":[["$","span",null,{"className":"cid","children":"CVE-2026-24520"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.2%"}]]}],false]}]]}],["$","$La","CVE-2026-40729",{"className":"item","href":"/es/cve/CVE-2026-40729","children":[["$","span",null,{"className":"cid","children":"CVE-2026-40729"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2025-54694",{"className":"item","href":"/es/cve/CVE-2025-54694","children":[["$","span",null,{"className":"cid","children":"CVE-2025-54694"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-24383",{"className":"item","href":"/es/cve/CVE-2026-24383","children":[["$","span",null,{"className":"cid","children":"CVE-2026-24383"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}],["$","$La","CVE-2026-53736",{"className":"item","href":"/es/cve/CVE-2026-53736","children":[["$","span",null,{"className":"cid","children":"CVE-2026-53736"}],["$","span",null,{"className":"sevtag MEDIUM","children":"MEDIUM"}],["$","span",null,{"className":"tt2","children":"Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action"}],["$","span",null,{"className":"bd","children":[["$","span",null,{"className":"epss","children":["EPSS ",["$","b",null,{"children":"0.1%"}]]}],false]}]]}]]}],["$","div",null,{"className":"pagination","children":[["$","$La",null,{"href":"?page=3","children":"← anterior"}],["$","span",null,{"className":"pgnum","children":["página"," ","4"," / ","4"]}],["$","span",null,{"className":"off","children":"siguiente →"}]]}]]}]