The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2024-32826 | Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0. | -- | Apr 26, 2024 |
CVE-2024-32825 | Insertion of Sensitive Information into Log File vulnerability in Patrick Posner Simply Static.This issue affects Simply Static: from n/a through 3.1.3. | -- | Apr 24, 2024 |
CVE-2024-32823 | Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4. | -- | Apr 24, 2024 |
CVE-2024-32822 | Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4. | -- | Apr 26, 2024 |
CVE-2024-32819 | Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14. | -- | Apr 24, 2024 |
CVE-2024-32817 | Deserialization of Untrusted Data vulnerability in Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.2. | -- | Apr 24, 2024 |
CVE-2024-32816 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78. | -- | Apr 24, 2024 |
CVE-2024-32815 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS.This issue affects All-in-one Like Widget: from n/a through 2.2.7. | -- | Apr 24, 2024 |
CVE-2024-32812 | Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11. | -- | Apr 24, 2024 |
CVE-2024-32810 | Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2. | -- | May 3, 2024 |
CVE-2024-32808 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | -- | Apr 24, 2024 |
CVE-2024-32806 | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3. | -- | Apr 24, 2024 |
CVE-2024-32803 | Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.This issue affects SuperFaktura WooCommerce: from n/a through 1.40.3. | -- | Apr 24, 2024 |
CVE-2024-32801 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.This issue affects Widget Post Slider: from n/a through 1.3.5. | -- | Apr 24, 2024 |
CVE-2024-32796 | Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10. | -- | Apr 24, 2024 |
CVE-2024-32795 | Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. | -- | Apr 24, 2024 |
CVE-2024-32794 | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | -- | Apr 24, 2024 |
CVE-2024-32793 | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | -- | Apr 24, 2024 |
CVE-2024-32791 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25. | -- | Apr 24, 2024 |
CVE-2024-32789 | Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0. | -- | Apr 24, 2024 |
CVE-2024-32788 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2. | -- | Apr 24, 2024 |
CVE-2024-32785 | Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).This issue affects The Pack Elementor addons: from n/a through 2.0.8.3. | -- | Apr 24, 2024 |
CVE-2024-32782 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7. | -- | Apr 24, 2024 |
CVE-2024-32781 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0. | -- | Apr 24, 2024 |
CVE-2024-32780 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. VikRentCar.This issue affects VikRentCar: from n/a through 1.3.2. | -- | Apr 24, 2024 |
CVE-2024-32775 | Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. | -- | Apr 24, 2024 |
CVE-2024-32773 | Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116. | -- | Apr 24, 2024 |
CVE-2024-32772 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | -- | Apr 24, 2024 |
CVE-2024-32766 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later | -- | Apr 26, 2024 |
CVE-2024-32764 | A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later | -- | Apr 26, 2024 |
CVE-2024-32746 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module. | -- | Apr 18, 2024 |
CVE-2024-32745 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module. | -- | Apr 18, 2024 |
CVE-2024-32744 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module. | -- | Apr 18, 2024 |
CVE-2024-32743 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module. | -- | Apr 18, 2024 |
CVE-2024-32728 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0. | -- | Apr 24, 2024 |
CVE-2024-32726 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2. | -- | Apr 24, 2024 |
CVE-2024-32723 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through 1.2.5. | -- | Apr 24, 2024 |
CVE-2024-32722 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5. | -- | Apr 24, 2024 |
CVE-2024-32721 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.3. | -- | Apr 24, 2024 |
CVE-2024-32718 | Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2. | -- | Apr 24, 2024 |
CVE-2024-32716 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8. | -- | Apr 24, 2024 |
CVE-2024-32711 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.6.3. | -- | Apr 24, 2024 |
CVE-2024-32710 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | -- | Apr 24, 2024 |
CVE-2024-32709 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | -- | Apr 24, 2024 |
CVE-2024-32707 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GhozyLab Image Slider Widget allows Stored XSS.This issue affects Image Slider Widget: from n/a through 1.1.125. | -- | Apr 24, 2024 |
CVE-2024-32706 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4. | -- | Apr 24, 2024 |
CVE-2024-32702 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4. | -- | Apr 24, 2024 |
CVE-2024-32699 | Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0. | -- | Apr 24, 2024 |
CVE-2024-32698 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4. | -- | Apr 22, 2024 |
CVE-2024-32697 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.5. | -- | Apr 22, 2024 |