The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-54400 | Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps allows Stored XSS.This issue affects AppMaps: from n/a through 1.1. | -- | Dec 16, 2024 |
| CVE-2024-54399 | Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2. | -- | Dec 16, 2024 |
| CVE-2024-54398 | Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1. | -- | Dec 16, 2024 |
| CVE-2024-54397 | Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go Animate allows Stored XSS.This issue affects Go Animate: from n/a through 1.0. | -- | Dec 16, 2024 |
| CVE-2024-54396 | Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through 1.0.0. | -- | Dec 16, 2024 |
| CVE-2024-54395 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Becky Sanders Increase Sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through 1.3.0. | -- | Dec 16, 2024 |
| CVE-2024-54394 | Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5. | -- | Dec 16, 2024 |
| CVE-2024-54393 | Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0. | -- | Dec 16, 2024 |
| CVE-2024-54392 | Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP????? allows Stored XSS.This issue affects WP?????: from n/a through 5.3.5. | -- | Dec 16, 2024 |
| CVE-2024-54391 | Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1. | -- | Dec 16, 2024 |
| CVE-2024-54390 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Bouzid Nazim Zitouni TagGator allows Reflected XSS.This issue affects TagGator: from n/a through 1.54. | -- | Dec 16, 2024 |
| CVE-2024-54389 | Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addWeather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through 2.5.1. | -- | Dec 16, 2024 |
| CVE-2024-54388 | Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0. | -- | Dec 16, 2024 |
| CVE-2024-54387 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jaytesh Barange Posts Date Ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through 2.2. | -- | Dec 16, 2024 |
| CVE-2024-54386 | Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9. | -- | Dec 16, 2024 |
| CVE-2024-54385 | Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82. | -- | Dec 16, 2024 |
| CVE-2024-54384 | Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3. | -- | Dec 16, 2024 |
| CVE-2024-54383 | Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | -- | Dec 18, 2024 |
| CVE-2024-54382 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5. | -- | Dec 16, 2024 |
| CVE-2024-54381 | Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1. | -- | Dec 18, 2024 |
| CVE-2024-54380 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1. | -- | Dec 16, 2024 |
| CVE-2024-54379 | Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through 1.0.5. | -- | Dec 16, 2024 |
| CVE-2024-54378 | Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through 1.2.2. | -- | Dec 16, 2024 |
| CVE-2024-54376 | Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5. | -- | Dec 16, 2024 |
| CVE-2024-54375 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through 1.7.0. | -- | Dec 16, 2024 |
| CVE-2024-54374 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through 1.5.6. | -- | Dec 16, 2024 |
| CVE-2024-54373 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Chris Gårdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through 5.2.0. | -- | Dec 16, 2024 |
| CVE-2024-54372 | Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. | -- | Dec 16, 2024 |
| CVE-2024-54370 | Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0. | -- | Dec 16, 2024 |
| CVE-2024-54369 | Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2. | -- | Dec 16, 2024 |
| CVE-2024-54368 | Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0. | -- | Dec 16, 2024 |
| CVE-2024-54367 | Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0. | -- | Dec 16, 2024 |
| CVE-2024-54366 | Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4. | -- | Dec 16, 2024 |
| CVE-2024-54365 | Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0. | -- | Dec 16, 2024 |
| CVE-2024-54364 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1. | -- | Dec 16, 2024 |
| CVE-2024-54363 | Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0. | -- | Dec 16, 2024 |
| CVE-2024-54361 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2. | -- | Dec 16, 2024 |
| CVE-2024-54360 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in premila Gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through 1.0.1. | -- | Dec 16, 2024 |
| CVE-2024-54359 | Missing Authorization vulnerability in Saul Morales Pacheco Banner System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through 1.0.0. | -- | Dec 16, 2024 |
| CVE-2024-54358 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Avatar 3D Creator 3D Avatar User Profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through 1.0.0. | -- | Dec 16, 2024 |
| CVE-2024-54357 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10. | -- | Dec 16, 2024 |
| CVE-2024-54356 | Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5. | -- | Dec 16, 2024 |
| CVE-2024-54355 | Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0. | -- | Dec 16, 2024 |
| CVE-2024-54354 | Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through 0.99.47. | -- | Dec 16, 2024 |
| CVE-2024-54353 | Cross-Site Request Forgery (CSRF) vulnerability in WPGear Hack-Info allows Stored XSS.This issue affects Hack-Info: from n/a through 3.17. | -- | Dec 16, 2024 |
| CVE-2024-54352 | Cross-Site Request Forgery (CSRF) vulnerability in Sabri Taieb Sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through 1.5.2. | -- | Dec 16, 2024 |
| CVE-2024-54351 | Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Roller Scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through 1.4.0. | -- | Dec 13, 2024 |
| CVE-2024-54350 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HJYL hmd allows Stored XSS.This issue affects hmd: from n/a through 2.0. | -- | Dec 18, 2024 |
| CVE-2024-54349 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in mashiurz.com Plain Post allows Stored XSS.This issue affects Plain Post: from n/a through 1.0.3. | -- | Dec 13, 2024 |
| CVE-2024-54348 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in YayCommerce Brand allows Stored XSS.This issue affects Brand: from n/a through 1.1.6. | -- | Dec 16, 2024 |
