Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 250243 entries
IDDescriptionPriorityModified date
CVE-2024-54413 Cross-Site Request Forgery (CSRF) vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3. -- Dec 16, 2024
CVE-2024-54412 Cross-Site Request Forgery (CSRF) vulnerability in Ecommerce Templates ECT Product Carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through 1.9. -- Dec 16, 2024
CVE-2024-54411 Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0. -- Dec 16, 2024
CVE-2024-54410 Cross-Site Request Forgery (CSRF) vulnerability in Toby Cox SOPA Blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through 1.4. -- Dec 16, 2024
CVE-2024-54409 Cross-Site Request Forgery (CSRF) vulnerability in fzmaster @ XPD XPD Reduce Image Filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through 1.0. -- Dec 16, 2024
CVE-2024-54408 Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Video Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through 1.9. -- Dec 16, 2024
CVE-2024-54407 Cross-Site Request Forgery (CSRF) vulnerability in ???? CK and SyntaxHighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through 3.4.2. -- Dec 16, 2024
CVE-2024-54406 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Reza Moallemi Comments On Feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through 1.2.1. -- Dec 16, 2024
CVE-2024-54405 Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3. -- Dec 16, 2024
CVE-2024-54404 Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through 1.1. -- Dec 16, 2024
CVE-2024-54403 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ryan Scott Visual Recent Posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through 1.2.3. -- Dec 16, 2024
CVE-2024-54402 Missing Authorization vulnerability in Jozoor Arabic Webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through 1.4.6. -- Dec 16, 2024
CVE-2024-54401 Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1. -- Dec 16, 2024
CVE-2024-54400 Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps allows Stored XSS.This issue affects AppMaps: from n/a through 1.1. -- Dec 16, 2024
CVE-2024-54399 Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2. -- Dec 16, 2024
CVE-2024-54398 Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1. -- Dec 16, 2024
CVE-2024-54397 Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go Animate allows Stored XSS.This issue affects Go Animate: from n/a through 1.0. -- Dec 16, 2024
CVE-2024-54396 Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through 1.0.0. -- Dec 16, 2024
CVE-2024-54395 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Becky Sanders Increase Sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through 1.3.0. -- Dec 16, 2024
CVE-2024-54394 Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5. -- Dec 16, 2024
CVE-2024-54393 Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0. -- Dec 16, 2024
CVE-2024-54392 Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP????? allows Stored XSS.This issue affects WP?????: from n/a through 5.3.5. -- Dec 16, 2024
CVE-2024-54391 Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1. -- Dec 16, 2024
CVE-2024-54390 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Bouzid Nazim Zitouni TagGator allows Reflected XSS.This issue affects TagGator: from n/a through 1.54. -- Dec 16, 2024
CVE-2024-54389 Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addWeather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through 2.5.1. -- Dec 16, 2024
CVE-2024-54388 Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0. -- Dec 16, 2024
CVE-2024-54387 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jaytesh Barange Posts Date Ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through 2.2. -- Dec 16, 2024
CVE-2024-54386 Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9. -- Dec 16, 2024
CVE-2024-54385 Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82. -- Dec 16, 2024
CVE-2024-54384 Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3. -- Dec 16, 2024
CVE-2024-54383 Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. -- Dec 18, 2024
CVE-2024-54382 Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5. -- Dec 16, 2024
CVE-2024-54381 Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1. -- Dec 18, 2024
CVE-2024-54380 Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1. -- Dec 16, 2024
CVE-2024-54379 Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through 1.0.5. -- Dec 16, 2024
CVE-2024-54378 Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through 1.2.2. -- Dec 16, 2024
CVE-2024-54376 Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5. -- Dec 16, 2024
CVE-2024-54375 Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through 1.7.0. -- Dec 16, 2024
CVE-2024-54374 Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through 1.5.6. -- Dec 16, 2024
CVE-2024-54373 Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Chris Gårdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through 5.2.0. -- Dec 16, 2024
CVE-2024-54372 Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. -- Dec 16, 2024
CVE-2024-54370 Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0. -- Dec 16, 2024
CVE-2024-54369 Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2. -- Dec 16, 2024
CVE-2024-54368 Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0. -- Dec 16, 2024
CVE-2024-54367 Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0. -- Dec 16, 2024
CVE-2024-54366 Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4. -- Dec 16, 2024
CVE-2024-54365 Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0. -- Dec 16, 2024
CVE-2024-54364 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1. -- Dec 16, 2024
CVE-2024-54363 Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0. -- Dec 16, 2024
CVE-2024-54361 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2. -- Dec 16, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online