The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-49593 | In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin\'s fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the free version of ACF, then you can follow the process shown at the advancedcustomfields.com blog URL within the References section below. | -- | Oct 17, 2024 |
| CVE-2024-49580 | In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure | -- | Oct 17, 2024 |
| CVE-2024-49579 | In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests | -- | Oct 17, 2024 |
| CVE-2024-49400 | Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed. | -- | Oct 17, 2024 |
| CVE-2024-49399 | The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | -- | Oct 17, 2024 |
| CVE-2024-49398 | The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. | -- | Oct 17, 2024 |
| CVE-2024-49397 | The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts. | -- | Oct 17, 2024 |
| CVE-2024-49396 | The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. | -- | Oct 17, 2024 |
| CVE-2024-49392 | Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | -- | Oct 17, 2024 |
| CVE-2024-49391 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | -- | Oct 17, 2024 |
| CVE-2024-49390 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | -- | Oct 17, 2024 |
| CVE-2024-49389 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | -- | Oct 17, 2024 |
| CVE-2024-49388 | Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | -- | Oct 15, 2024 |
| CVE-2024-49387 | Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | -- | Oct 15, 2024 |
| CVE-2024-49386 | Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | -- | Oct 17, 2024 |
| CVE-2024-49384 | Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | -- | Oct 15, 2024 |
| CVE-2024-49383 | Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | -- | Oct 15, 2024 |
| CVE-2024-49382 | Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | -- | Oct 15, 2024 |
| CVE-2024-49340 | IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | -- | Oct 16, 2024 |
| CVE-2024-49322 | Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0. | -- | Oct 17, 2024 |
| CVE-2024-49320 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Dennis Hoppe Encyclopedia / Glossary / Wiki allows Reflected XSS.This issue affects Encyclopedia / Glossary / Wiki: from n/a through 1.7.60. | -- | Oct 17, 2024 |
| CVE-2024-49319 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in B.M. Rafiul Alam Awesome Contact Form7 for Elementor allows Stored XSS.This issue affects Awesome Contact Form7 for Elementor: from n/a through 3.0. | -- | Oct 17, 2024 |
| CVE-2024-49318 | Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0. | -- | Oct 17, 2024 |
| CVE-2024-49317 | Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in ZIPANG Point Maker allows PHP Local File Inclusion.This issue affects Point Maker: from n/a through 0.1.4. | -- | Oct 17, 2024 |
| CVE-2024-49316 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in zodiac Akismet htaccess writer allows Reflected XSS.This issue affects Akismet htaccess writer: from n/a through 1.0.1. | -- | Oct 17, 2024 |
| CVE-2024-49315 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in CodeFlock FREE DOWNLOAD MANAGER allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through 1.0.0. | -- | Oct 17, 2024 |
| CVE-2024-49314 | Unrestricted Upload of File with Dangerous Type vulnerability in ?? JiangQie Free Mini Program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through 2.5.2. | -- | Oct 17, 2024 |
| CVE-2024-49313 | Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through 2.0. | -- | Oct 17, 2024 |
| CVE-2024-49312 | Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7. | -- | Oct 17, 2024 |
| CVE-2024-49311 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in WisdmLabs Edwiser Bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through 3.0.7. | -- | Oct 17, 2024 |
| CVE-2024-49310 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.0. | -- | Oct 17, 2024 |
| CVE-2024-49309 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Digitally allows Reflected XSS.This issue affects Digitally: from n/a through 1.0.8. | -- | Oct 17, 2024 |
| CVE-2024-49308 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Toast Plugins Animator allows Reflected XSS.This issue affects Animator: from n/a through 3.0.11. | -- | Oct 17, 2024 |
| CVE-2024-49307 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Oliver Schlöbe Admin Management Xtended allows Stored XSS.This issue affects Admin Management Xtended: from n/a through 2.4.6. | -- | Oct 17, 2024 |
| CVE-2024-49305 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through 2.8.10. | -- | Oct 17, 2024 |
| CVE-2024-49304 | Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Stored XSS.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. | -- | Oct 17, 2024 |
| CVE-2024-49302 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Portfoliohub WordPress Portfolio Builder – Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder – Portfolio Gallery: from n/a through 1.1.7. | -- | Oct 17, 2024 |
| CVE-2024-49301 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Sinan Yorulmaz G Meta Keywords allows Stored XSS.This issue affects G Meta Keywords: from n/a through 1.4. | -- | Oct 17, 2024 |
| CVE-2024-49299 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Surfer allows SQL Injection.This issue affects Surfer: from n/a through 1.5.0.502. | -- | Oct 17, 2024 |
| CVE-2024-49298 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice allows Stored XSS.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.6. | -- | Oct 17, 2024 |
| CVE-2024-49297 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Zoho CRM Zoho CRM Lead Magnet allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through 1.7.9.0. | -- | Oct 17, 2024 |
| CVE-2024-49296 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Coder426 Custom Add to Cart Button Label and Link allows Stored XSS.This issue affects Custom Add to Cart Button Label and Link: from n/a through 1.6.1. | -- | Oct 17, 2024 |
| CVE-2024-49295 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in PressTigers Simple Testimonials Showcase.This issue affects Simple Testimonials Showcase: from n/a through 1.1.6. | -- | Oct 17, 2024 |
| CVE-2024-49292 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.7.1. | -- | Oct 17, 2024 |
| CVE-2024-49291 | Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0. | -- | Oct 17, 2024 |
| CVE-2024-49289 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before 1.8.0. | -- | Oct 17, 2024 |
| CVE-2024-49288 | Improper Neutralization of Input During Web Page Generation (XSS or \'Cross-site Scripting\') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5. | -- | Oct 17, 2024 |
| CVE-2024-49287 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Marco Heine PDF-Rechnungsverwaltung allows PHP Local File Inclusion.This issue affects PDF-Rechnungsverwaltung: from n/a through 0.0.1. | -- | Oct 17, 2024 |
| CVE-2024-49285 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5. | -- | Oct 17, 2024 |
| CVE-2024-49284 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1. | -- | Oct 17, 2024 |
