The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-54413 | Cross-Site Request Forgery (CSRF) vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3. | -- | Dec 16, 2024 |
| CVE-2024-54412 | Cross-Site Request Forgery (CSRF) vulnerability in Ecommerce Templates ECT Product Carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through 1.9. | -- | Dec 16, 2024 |
| CVE-2024-54411 | Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0. | -- | Dec 16, 2024 |
| CVE-2024-54410 | Cross-Site Request Forgery (CSRF) vulnerability in Toby Cox SOPA Blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through 1.4. | -- | Dec 16, 2024 |
| CVE-2024-54409 | Cross-Site Request Forgery (CSRF) vulnerability in fzmaster @ XPD XPD Reduce Image Filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through 1.0. | -- | Dec 16, 2024 |
| CVE-2024-54408 | Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Video Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through 1.9. | -- | Dec 16, 2024 |
| CVE-2024-54407 | Cross-Site Request Forgery (CSRF) vulnerability in ???? CK and SyntaxHighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through 3.4.2. | -- | Dec 16, 2024 |
| CVE-2024-54406 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Reza Moallemi Comments On Feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through 1.2.1. | -- | Dec 16, 2024 |
| CVE-2024-54405 | Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3. | -- | Dec 16, 2024 |
| CVE-2024-54404 | Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through 1.1. | -- | Dec 16, 2024 |
| CVE-2024-54403 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Ryan Scott Visual Recent Posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through 1.2.3. | -- | Dec 16, 2024 |
| CVE-2024-54402 | Missing Authorization vulnerability in Jozoor Arabic Webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through 1.4.6. | -- | Dec 16, 2024 |
| CVE-2024-54401 | Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1. | -- | Dec 16, 2024 |
| CVE-2024-54400 | Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps allows Stored XSS.This issue affects AppMaps: from n/a through 1.1. | -- | Dec 16, 2024 |
| CVE-2024-54399 | Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2. | -- | Dec 16, 2024 |
| CVE-2024-54398 | Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1. | -- | Dec 16, 2024 |
| CVE-2024-54397 | Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go Animate allows Stored XSS.This issue affects Go Animate: from n/a through 1.0. | -- | Dec 16, 2024 |
| CVE-2024-54396 | Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through 1.0.0. | -- | Dec 16, 2024 |
| CVE-2024-54395 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Becky Sanders Increase Sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through 1.3.0. | -- | Dec 16, 2024 |
| CVE-2024-54394 | Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5. | -- | Dec 16, 2024 |
| CVE-2024-54393 | Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0. | -- | Dec 16, 2024 |
| CVE-2024-54392 | Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP????? allows Stored XSS.This issue affects WP?????: from n/a through 5.3.5. | -- | Dec 16, 2024 |
| CVE-2024-54391 | Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1. | -- | Dec 16, 2024 |
| CVE-2024-54390 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Bouzid Nazim Zitouni TagGator allows Reflected XSS.This issue affects TagGator: from n/a through 1.54. | -- | Dec 16, 2024 |
| CVE-2024-54389 | Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addWeather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through 2.5.1. | -- | Dec 16, 2024 |
| CVE-2024-54388 | Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0. | -- | Dec 16, 2024 |
| CVE-2024-54387 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Jaytesh Barange Posts Date Ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through 2.2. | -- | Dec 16, 2024 |
| CVE-2024-54386 | Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9. | -- | Dec 16, 2024 |
| CVE-2024-54385 | Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82. | -- | Dec 16, 2024 |
| CVE-2024-54384 | Missing Authorization vulnerability in eLightUp Falcon – WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through 2.8.3. | -- | Dec 16, 2024 |
| CVE-2024-54383 | Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | -- | Dec 18, 2024 |
| CVE-2024-54382 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5. | -- | Dec 16, 2024 |
| CVE-2024-54381 | Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1. | -- | Dec 18, 2024 |
| CVE-2024-54380 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1. | -- | Dec 16, 2024 |
| CVE-2024-54379 | Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through 1.0.5. | -- | Dec 16, 2024 |
| CVE-2024-54378 | Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through 1.2.2. | -- | Dec 16, 2024 |
| CVE-2024-54376 | Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5. | -- | Dec 16, 2024 |
| CVE-2024-54375 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through 1.7.0. | -- | Dec 16, 2024 |
| CVE-2024-54374 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through 1.5.6. | -- | Dec 16, 2024 |
| CVE-2024-54373 | Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in Chris Gårdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through 5.2.0. | -- | Dec 16, 2024 |
| CVE-2024-54372 | Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. | -- | Dec 16, 2024 |
| CVE-2024-54370 | Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0. | -- | Dec 16, 2024 |
| CVE-2024-54369 | Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2. | -- | Dec 16, 2024 |
| CVE-2024-54368 | Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0. | -- | Dec 16, 2024 |
| CVE-2024-54367 | Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0. | -- | Dec 16, 2024 |
| CVE-2024-54366 | Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4. | -- | Dec 16, 2024 |
| CVE-2024-54365 | Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0. | -- | Dec 16, 2024 |
| CVE-2024-54364 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1. | -- | Dec 16, 2024 |
| CVE-2024-54363 | Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0. | -- | Dec 16, 2024 |
| CVE-2024-54361 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2. | -- | Dec 16, 2024 |
