The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-32815 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jeroen Peters All-in-one Like Widget allows Stored XSS.This issue affects All-in-one Like Widget: from n/a through 2.2.7. | -- | Apr 24, 2024 |
| CVE-2024-32812 | Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11. | -- | Apr 24, 2024 |
| CVE-2024-32808 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | -- | Apr 24, 2024 |
| CVE-2024-32806 | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3. | -- | Apr 24, 2024 |
| CVE-2024-32803 | Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.This issue affects SuperFaktura WooCommerce: from n/a through 1.40.3. | -- | Apr 24, 2024 |
| CVE-2024-32801 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ShapedPlugin Widget Post Slider allows Stored XSS.This issue affects Widget Post Slider: from n/a through 1.3.5. | -- | Apr 24, 2024 |
| CVE-2024-32796 | Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10. | -- | Apr 24, 2024 |
| CVE-2024-32795 | Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. | -- | Apr 24, 2024 |
| CVE-2024-32794 | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | -- | Apr 24, 2024 |
| CVE-2024-32793 | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | -- | Apr 24, 2024 |
| CVE-2024-32791 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.25. | -- | Apr 24, 2024 |
| CVE-2024-32789 | Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0. | -- | Apr 24, 2024 |
| CVE-2024-32788 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Joomla to WordPress.This issue affects FG Joomla to WordPress: from n/a through 4.20.2. | -- | Apr 24, 2024 |
| CVE-2024-32785 | Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack Elementor addons allows Cross-Site Scripting (XSS).This issue affects The Pack Elementor addons: from n/a through 2.0.8.3. | -- | Apr 24, 2024 |
| CVE-2024-32782 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HasThemes HT Mega.This issue affects HT Mega: from n/a through 2.4.7. | -- | Apr 24, 2024 |
| CVE-2024-32781 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0. | -- | Apr 24, 2024 |
| CVE-2024-32780 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in E4J s.R.L. VikRentCar.This issue affects VikRentCar: from n/a through 1.3.2. | -- | Apr 24, 2024 |
| CVE-2024-32775 | Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. | -- | Apr 24, 2024 |
| CVE-2024-32773 | Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116. | -- | Apr 24, 2024 |
| CVE-2024-32772 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | -- | Apr 24, 2024 |
| CVE-2024-32746 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module. | -- | Apr 18, 2024 |
| CVE-2024-32745 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module. | -- | Apr 18, 2024 |
| CVE-2024-32744 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module. | -- | Apr 18, 2024 |
| CVE-2024-32743 | A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module. | -- | Apr 18, 2024 |
| CVE-2024-32728 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0. | -- | Apr 24, 2024 |
| CVE-2024-32726 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2. | -- | Apr 24, 2024 |
| CVE-2024-32723 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Code Tides Advanced Floating Content allows Stored XSS.This issue affects Advanced Floating Content: from n/a through 1.2.5. | -- | Apr 24, 2024 |
| CVE-2024-32722 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5. | -- | Apr 24, 2024 |
| CVE-2024-32721 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.3. | -- | Apr 24, 2024 |
| CVE-2024-32718 | Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor.This issue affects The Pack Elementor addons: from n/a through 2.0.8.2. | -- | Apr 24, 2024 |
| CVE-2024-32716 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StreamWeasels StreamWeasels Twitch Integration.This issue affects StreamWeasels Twitch Integration: from n/a through 1.7.8. | -- | Apr 24, 2024 |
| CVE-2024-32711 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.6.3. | -- | Apr 24, 2024 |
| CVE-2024-32710 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | -- | Apr 24, 2024 |
| CVE-2024-32709 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | -- | Apr 24, 2024 |
| CVE-2024-32707 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in GhozyLab Image Slider Widget allows Stored XSS.This issue affects Image Slider Widget: from n/a through 1.1.125. | -- | Apr 24, 2024 |
| CVE-2024-32706 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4. | -- | Apr 24, 2024 |
| CVE-2024-32702 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Repute info systems ARForms allows Reflected XSS.This issue affects ARForms: from n/a through 6.4. | -- | Apr 24, 2024 |
| CVE-2024-32699 | Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0. | -- | Apr 24, 2024 |
| CVE-2024-32698 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4. | -- | Apr 22, 2024 |
| CVE-2024-32697 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in HelloAsso allows Stored XSS.This issue affects HelloAsso: from n/a through 1.1.5. | -- | Apr 22, 2024 |
| CVE-2024-32696 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6. | -- | Apr 22, 2024 |
| CVE-2024-32695 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switcher for Transposh: from n/a through 1.5.9. | -- | Apr 22, 2024 |
| CVE-2024-32694 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Reflected XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin: from n/a through 3.62. | -- | Apr 22, 2024 |
| CVE-2024-32693 | Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0. | -- | Apr 22, 2024 |
| CVE-2024-32691 | Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. | -- | Apr 22, 2024 |
| CVE-2024-32690 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.This issue affects RSS Feed Widget: from n/a through 2.9.7. | -- | Apr 22, 2024 |
| CVE-2024-32689 | Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3. | -- | Apr 18, 2024 |
| CVE-2024-32688 | Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0. | -- | Apr 22, 2024 |
| CVE-2024-32687 | Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3. | -- | Apr 22, 2024 |
| CVE-2024-32686 | Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3. | -- | Apr 18, 2024 |
