The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2024-31220 | Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface outside of localhost may be affected, depending on firewall configuration. To exploit the vulnerability, an attacker could make an HTTP/S request to the `node_modules` endpoint if the user exposed the Sunshine config web server to the internet or the attacker is on the LAN. Version 0.18.0 contains a patch for this issue. As a workaround, one may block access to Sunshine via firewall. | -- | Apr 8, 2024 | n/a |
CVE-2024-31221 | Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI and then pairing only one device, all of the previous devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability. | -- | Apr 8, 2024 | n/a |
CVE-2024-31224 | GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version. | -- | Apr 8, 2024 | n/a |
CVE-2024-31229 | Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL. This issue affects Really Simple SSL: from n/a through 7.2.3. | -- | Apr 18, 2024 | n/a |
CVE-2024-31230 | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. | -- | Apr 10, 2024 | n/a |
CVE-2024-31233 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub. This issue affects Rehub: from n/a through 19.6.1. | -- | Apr 8, 2024 | n/a |
CVE-2024-31234 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam REHub Framework. This issue affects REHub Framework: from n/a before 19.6.2. | -- | Apr 8, 2024 | n/a |
CVE-2024-31235 | Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. | -- | Apr 15, 2024 | n/a |
CVE-2024-31236 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.93. | -- | Apr 8, 2024 | n/a |
CVE-2024-31238 | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover. This issue affects Smart Online Order for Clover: from n/a through 1.5.5. | -- | Apr 15, 2024 | n/a |
CVE-2024-31239 | Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO. This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. | -- | Apr 15, 2024 | n/a |
CVE-2024-31240 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.1. | -- | Apr 10, 2024 | n/a |
CVE-2024-31241 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import. This issue affects LearnPress Export Import: from n/a through 4.0.3. | -- | Apr 8, 2024 | n/a |
CVE-2024-31242 | Missing Authorization vulnerability in Bricksforge. This issue affects Bricksforge: from n/a through 2.0.17. | -- | Apr 10, 2024 | n/a |
CVE-2024-31245 | Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5. | -- | Apr 10, 2024 | n/a |
CVE-2024-31247 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3. | -- | Apr 10, 2024 | n/a |
CVE-2024-31249 | Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725. | -- | Apr 10, 2024 | n/a |
CVE-2024-31250 | Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3. | -- | Apr 15, 2024 | n/a |
CVE-2024-31251 | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.3.1.1. | -- | Apr 15, 2024 | n/a |
CVE-2024-31253 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3. | -- | Apr 10, 2024 | n/a |
CVE-2024-31254 | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7. | -- | Apr 10, 2024 | n/a |
CVE-2024-31255 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | -- | Apr 8, 2024 | n/a |
CVE-2024-31256 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS. This issue affects WebinarPress: from n/a through 1.33.9. | -- | Apr 8, 2024 | n/a |
CVE-2024-31257 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formsite Formsite \| Embed online forms to collect orders, registrations, leads, and surveys allows Stored XSS. This issue affects Formsite \| Embed online forms to collect orders, registrations, leads, and surveys: from n/a through 1.6. | -- | Apr 8, 2024 | n/a |
CVE-2024-31258 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.Company Form to Chat App allows Stored XSS. This issue affects Form to Chat App: from n/a through 1.1.6. | -- | Apr 8, 2024 | n/a |
CVE-2024-31259 | Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5. | -- | Apr 10, 2024 | n/a |
CVE-2024-31260 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge. This issue affects Edwiser Bridge: from n/a through 3.0.2. | -- | Apr 8, 2024 | n/a |
CVE-2024-31262 | Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager). This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8. | -- | Apr 15, 2024 | n/a |
CVE-2024-31263 | Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form. This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4. | -- | Apr 15, 2024 | n/a |
CVE-2024-31264 | Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions. | -- | Apr 15, 2024 | n/a |
CVE-2024-31265 | Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo. This issue affects Sumo: from n/a through 1.34. | -- | Apr 15, 2024 | n/a |
CVE-2024-31266 | Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection. This issue affects Advanced Order Export For WooCommerce: from n/a through 3.4.4. | -- | Apr 25, 2024 | n/a |
CVE-2024-31268 | Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser. This issue affects AppPresser: from n/a through 4.3.0. | -- | Apr 15, 2024 | n/a |
CVE-2024-31269 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps. This issue affects Easy Google Maps: from n/a through 1.11.11. | -- | Apr 15, 2024 | n/a |
CVE-2024-31271 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic. This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. | -- | Apr 15, 2024 | n/a |
CVE-2024-31272 | Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder. This issue affects ARForms Form Builder: from n/a through 1.6.1. | -- | Apr 15, 2024 | n/a |
CVE-2024-31277 | Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer. This issue affects Product Designer: from n/a through 1.0.32. | -- | Apr 8, 2024 | n/a |
CVE-2024-31278 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor. This issue affects Premium Addons for Elementor: from n/a through 4.10.22. | -- | Apr 10, 2024 | n/a |
CVE-2024-31279 | Cross-Site Request Forgery (CSRF) vulnerability in Catch Plugins Generate Child Theme. This issue affects Generate Child Theme: from n/a through 2.0. | -- | Apr 15, 2024 | n/a |
CVE-2024-31280 | Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.1.5. | -- | Apr 8, 2024 | n/a |
CVE-2024-31282 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. | -- | Apr 10, 2024 | n/a |
CVE-2024-31285 | Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS. This issue affects WordPress Tooltips: from n/a through 9.5.3. | -- | Apr 11, 2024 | n/a |
CVE-2024-31286 | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. | -- | Apr 8, 2024 | n/a |
CVE-2024-31287 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. | -- | Apr 10, 2024 | n/a |
CVE-2024-31288 | Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize. This issue affects RapidLoad Power-Up for Autoptimize: from n/a through 2.2.11. | -- | Apr 8, 2024 | n/a |
CVE-2024-31289 | Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor. This issue affects Hello Elementor: from n/a through 3.0.0. | -- | Apr 15, 2024 | n/a |
CVE-2024-31291 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.6. | -- | Apr 8, 2024 | n/a |
CVE-2024-31292 | Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds. This issue affects Import XML and RSS Feeds: from n/a through 2.1.5. | -- | Apr 8, 2024 | n/a |
CVE-2024-31293 | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads. This issue affects Easy Digital Downloads: from n/a through 3.2.6. | -- | Apr 15, 2024 | n/a |
CVE-2024-31296 | Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress. This issue affects BookingPress: from n/a through 1.0.81. | -- | Apr 8, 2024 | n/a |