The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2024-32140 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Libsyn Libsyn Publisher Hub allows Stored XSS.This issue affects Libsyn Publisher Hub: from n/a through 1.4.4. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32139 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32138 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in KaizenCoders Short URL allows Reflected XSS.This issue affects Short URL: from n/a through 1.6.8. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32137 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Solwin User Activity Log Pro.This issue affects User Activity Log Pro: from n/a through 2.3.4. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32136 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32135 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1.51. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32134 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook.This issue affects Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT, Webhook: from n/a through 1.1.12. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32133 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Michael Schuppenies EZ Form Calculator allows Reflected XSS.This issue affects EZ Form Calculator: from n/a through 2.14.0.3. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32132 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Codeboxr Team CBX Bookmark & Favorite.This issue affects CBX Bookmark & Favorite: from n/a through 1.7.20. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32130 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Paystack Payment Forms for Paystack allows Stored XSS.This issue affects Payment Forms for Paystack: from n/a through 3.4.1. | -- | Apr 17, 2024 | n/a |
| CVE-2024-32129 | URL Redirection to Untrusted Site (\'Open Redirect\') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.4. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32128 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32127 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Markus Seyer Find Duplicates.This issue affects Find Duplicates: from n/a through 1.4.6. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32126 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jeroen Peters Navigation menu as Dropdown Widget allows Stored XSS.This issue affects Navigation menu as Dropdown Widget: from n/a through 1.3.4. | -- | Apr 18, 2024 | n/a |
| CVE-2024-32125 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Booking Algorithms BA Book Everything.This issue affects BA Book Everything: from n/a through 1.6.4. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32112 | Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.This issue affects Leadinfo: from n/a through 1.0. | -- | Apr 11, 2024 | n/a |
| CVE-2024-32109 | Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode.This issue affects WP Matterport Shortcode: from n/a through 2.1.8. | -- | Apr 11, 2024 | n/a |
| CVE-2024-32108 | Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types.This issue affects Convert Post Types: from n/a through 1.4. | -- | Apr 11, 2024 | n/a |
| CVE-2024-32107 | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. | -- | Apr 11, 2024 | n/a |
| CVE-2024-32106 | Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One].This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. | -- | Apr 11, 2024 | n/a |
| CVE-2024-32105 | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. | -- | Apr 11, 2024 | n/a |
| CVE-2024-32104 | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.18.1. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32103 | Cross-Site Request Forgery (CSRF) vulnerability in Siteimprove.This issue affects Siteimprove: from n/a through 2.0.6. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32102 | Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clark Crony Cronjob Manager.This issue affects Crony Cronjob Manager: from n/a through 0.5.0. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32101 | Cross-Site Request Forgery (CSRF) vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend.This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.14.3. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32099 | Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail Catcher.This issue affects WP Mail Catcher: from n/a through 2.1.6. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32098 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Page Visit Counter Advanced Page Visit Counter.This issue affects Advanced Page Visit Counter: from n/a through 8.0.6. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32097 | Cross-Site Request Forgery (CSRF) vulnerability in Eyal Fitoussi GEO my WordPress.This issue affects GEO my WordPress: from n/a through 4.1. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32096 | Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro.This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32095 | Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiParcels Shipping For WooCommerce.This issue affects MultiParcels Shipping For WooCommerce: from n/a before 1.16.9. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32094 | Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church Content – Sermons, Events and More.This issue affects Church Content – Sermons, Events and More: from n/a through 2.6. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32093 | Cross-Site Request Forgery (CSRF) vulnerability in Nose Graze Novelist.This issue affects Novelist: from n/a through 1.2.2. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32092 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimili Flash Embed.This issue affects Kimili Flash Embed: from n/a through 2.5.3. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32091 | Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider.This issue affects Sangar Slider: from n/a through 1.3.2. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32090 | Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32089 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32088 | Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32087 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.This issue affects Product Feed on WooCommerce for Google: from n/a through 3.5.7. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32086 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1. | -- | Apr 16, 2024 | n/a |
| CVE-2024-32085 | Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32084 | Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before And After.This issue affects Before And After: from n/a through 3.9. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32083 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Varun Kumar Easy Logo allows Stored XSS.This issue affects Easy Logo: from n/a through 1.9.3. | -- | Apr 11, 2024 | n/a |
| CVE-2024-32082 | Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post With Other Site allows Cross-Site Scripting (XSS).This issue affects Sync Post With Other Site: from n/a through 1.5.1. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32080 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Nick Pelton Search Keyword Redirect allows Stored XSS.This issue affects Search Keyword Redirect: from n/a through 1.0. | -- | Apr 11, 2024 | n/a |
| CVE-2024-32079 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2024.2. | -- | Apr 15, 2024 | n/a |
| CVE-2024-32041 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-32040 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-32039 | -- | Apr 17, 2024 | n/a | |
| CVE-2024-32036 | ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp\'s JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8. | -- | Apr 16, 2024 | n/a |
| CVE-2024-32035 | ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8. | -- | Apr 16, 2024 | n/a |
