The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2023-39307 | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.1. | -- | Mar 26, 2024 |
| CVE-2023-38388 | Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. | -- | Mar 26, 2024 |
| CVE-2023-33855 | Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676. | -- | Mar 26, 2024 |
| CVE-2023-33322 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n/a before 3.2.25. | -- | Mar 26, 2024 |
| CVE-2023-32237 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. | -- | Mar 26, 2024 |
| CVE-2023-29386 | Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0. | -- | Mar 26, 2024 |
| CVE-2023-28787 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.4. | -- | Mar 26, 2024 |
| CVE-2023-28687 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4. | -- | Mar 26, 2024 |
| CVE-2023-27630 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.0.9.0. | -- | Mar 26, 2024 |
| CVE-2023-27459 | Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. | -- | Mar 26, 2024 |
| CVE-2023-27440 | Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17. | -- | Mar 26, 2024 |
| CVE-2023-25965 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in mbbhatti Upload Resume.This issue affects Upload Resume: from n/a through 1.2.0. | -- | Mar 26, 2024 |
| CVE-2023-23991 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.This issue affects Booking Calendar: from n/a through 9.4.3. | -- | Mar 26, 2024 |
| CVE-2023-23656 | Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1. | -- | Mar 26, 2024 |
| CVE-2023-7251 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901. | -- | Mar 26, 2024 |
| CVE-2023-7232 | The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data | -- | Mar 26, 2024 |
| CVE-2023-6091 | Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through 2.7.1. | -- | Mar 26, 2024 |
| CVE-2021-36759 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-35342. Reason: This candidate is a reservation duplicate of CVE-2021-35342. Notes: All CVE users should reference CVE-2021-35342 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Mar 26, 2024 |
| CVE-2024-30238 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2. | -- | Mar 27, 2024 |
| CVE-2024-30201 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4. | -- | Mar 27, 2024 |
| CVE-2024-30199 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Lab WP-Lister Lite for Amazon allows Reflected XSS.This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.8. | -- | Mar 27, 2024 |
| CVE-2024-30198 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ThemeKraft BuddyForms allows Reflected XSS.This issue affects BuddyForms: from n/a through 2.8.5. | -- | Mar 27, 2024 |
| CVE-2024-30197 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26. | -- | Mar 27, 2024 |
| CVE-2024-30196 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Appscreo Easy Social Share Buttons allows Reflected XSS.This issue affects Easy Social Share Buttons: from n/a through 9.4. | -- | Mar 27, 2024 |
| CVE-2024-30195 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Semenov New RoyalSlider allows Reflected XSS.This issue affects New RoyalSlider: from n/a through 3.4.2. | -- | Mar 27, 2024 |
| CVE-2024-30194 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. | -- | Mar 27, 2024 |
| CVE-2024-30193 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17. | -- | Mar 27, 2024 |
| CVE-2024-30192 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2. | -- | Mar 27, 2024 |
| CVE-2024-30186 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1. | -- | Mar 27, 2024 |
| CVE-2024-30185 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3. | -- | Mar 27, 2024 |
| CVE-2024-30184 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Looking Forward Software Incorporated. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a through 4.2.6. | -- | Mar 27, 2024 |
| CVE-2024-30183 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Builder: from n/a through 3.7. | -- | Mar 27, 2024 |
| CVE-2024-30182 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HasThemes HT Mega allows Stored XSS.This issue affects HT Mega: from n/a through 2.4.3. | -- | Mar 27, 2024 |
| CVE-2024-30181 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.30. | -- | Mar 27, 2024 |
| CVE-2024-30180 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Easy Social Feed allows Stored XSS.This issue affects Easy Social Feed: from n/a through 6.5.3. | -- | Mar 27, 2024 |
| CVE-2024-30179 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 4.7.6. | -- | Mar 27, 2024 |
| CVE-2024-30178 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Patrick Posner Simply Static allows Stored XSS.This issue affects Simply Static: from n/a through 3.1.3. | -- | Mar 27, 2024 |
| CVE-2024-30177 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.8. | -- | Mar 27, 2024 |
| CVE-2024-29946 | In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. | -- | Mar 27, 2024 |
| CVE-2024-29945 | In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. | -- | Mar 27, 2024 |
| CVE-2024-29936 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4. | -- | Mar 27, 2024 |
| CVE-2024-29935 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in SinaExtra Sina Extension for Elementor allows Stored XSS.This issue affects Sina Extension for Elementor: from n/a through 3.5.0. | -- | Mar 27, 2024 |
| CVE-2024-29934 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25. | -- | Mar 27, 2024 |
| CVE-2024-29933 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. | -- | Mar 27, 2024 |
| CVE-2024-29932 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. | -- | Mar 27, 2024 |
| CVE-2024-29931 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Go Maps (formerly WP Google Maps) WP Google Maps allows Reflected XSS.This issue affects WP Google Maps: from n/a through 9.0.29. | -- | Mar 27, 2024 |
| CVE-2024-29930 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in CurrencyRate.Today Crypto Converter Widget allows Stored XSS.This issue affects Crypto Converter Widget: from n/a through 1.8.4. | -- | Mar 27, 2024 |
| CVE-2024-29929 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM – Frontend Manager for WooCommerce: from n/a through 6.7.8. | -- | Mar 27, 2024 |
| CVE-2024-29928 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.This issue affects Advanced Sermons: from n/a through 3.1. | -- | Mar 27, 2024 |
| CVE-2024-29927 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HasTheme WishSuite allows Stored XSS.This issue affects WishSuite: from n/a through 1.3.7. | -- | Mar 27, 2024 |
