CVE List - 2024 / December
Showing 2101 - 2200 of 3433 CVEs for December 2024 (Page 22 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-54398 | 2024-12-16 | WordPress Flaming Forms plugin <= 1.0.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54397 | 2024-12-16 | WordPress Go Animate plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54394 | 2024-12-16 | WordPress Mandrill WP plugin <= 1.0.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-54393 | 2024-12-16 | WordPress WP Fiddle plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54392 | 2024-12-16 | WordPress WP微信机器人 plugin <= 5.3.5 - CSRF to Stored XSS vulnerability |
| CVE-2024-54391 | 2024-12-16 | WordPress WordPress Filter plugin <= 1.4.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54389 | 2024-12-16 | WordPress addWeather plugin <= 2.5.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-54388 | 2024-12-16 | WordPress Multiple Admin Emails plugin <= 1.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-54386 | 2024-12-16 | WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability |
| CVE-2024-54353 | 2024-12-16 | WordPress Hack-Info plugin <= 3.17 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54332 | 2024-12-16 | WordPress WP Currency Exchange Rates plugin <= 1.2.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-56005 | 2024-12-16 | WordPress Posti Shipping Plugin <= 3.10.3 - CSRF to Settings Change vulnerability |
| CVE-2024-54419 | 2024-12-16 | WordPress Ui Slider Filter By Price plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54418 | 2024-12-16 | WordPress DTC Documents plugin <= 1.1.05 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54396 | 2024-12-16 | WordPress Bet sport Free plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54372 | 2024-12-16 | WordPress Insertify plugin <= 1.1.4 - CSRF to Remote Code Execution vulnerability |
| CVE-2024-54356 | 2024-12-16 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54355 | 2024-12-16 | WordPress WP Mailster plugin <= 1.8.17.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54352 | 2024-12-16 | WordPress Sogrid plugin <= 1.5.2 - CSRF to Privilege Escalation vulnerability |
| CVE-2024-54331 | 2024-12-16 | WordPress I Plant A Tree plugin <= 1.7.3 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2024-56011 | 2024-12-16 | WordPress Responsive Google Maps | by imbaa plugin <= 1.2.5 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54443 | 2024-12-16 | WordPress Advanced Data Table For Elementor plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54442 | 2024-12-16 | WordPress Better WP Login Page plugin <= 1.1.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54441 | 2024-12-16 | WordPress Utech World Time Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54360 | 2024-12-16 | WordPress Gutensee plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-56009 | 2024-12-16 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2024-56007 | 2024-12-16 | WordPress Leader plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2024-56001 | 2024-12-16 | WordPress Ksher plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2024-55994 | 2024-12-16 | WordPress 畅言评论系统 plugin <= 2.0.5 - Broken Access Control vulnerability |
| CVE-2024-55993 | 2024-12-16 | WordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control vulnerability |
| CVE-2024-55992 | 2024-12-16 | WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability |
| CVE-2024-54417 | 2024-12-16 | WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2024-54384 | 2024-12-16 | WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2024-56013 | 2024-12-16 | WordPress Wovax IDX plugin <= 1.2.2 - Account Takeover vulnerability |
| CVE-2024-55996 | 2024-12-16 | WordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerability |
| CVE-2024-55988 | 2024-12-16 | WordPress Navayan CSV Export Plugin <= 1.0.9 - SQL Injection vulnerability |
| CVE-2024-55987 | 2024-12-16 | WordPress Advanced What should we write next about plugin <= 1.0.3 - SQL Injection vulnerability |
| CVE-2024-55986 | 2024-12-16 | WordPress Service plugin <= 1.0.4 - SQL Injection vulnerability |
| CVE-2024-55982 | 2024-12-16 | WordPress Share Buttons – Social Media plugin <= 1.0.2 - SQL Injection vulnerability |
| CVE-2024-55981 | 2024-12-16 | WordPress Nabz Image Gallery plugin <= v1.00 - SQL Injection vulnerability |
| CVE-2024-55980 | 2024-12-16 | WordPress Wr Age Verification plugin <= 2.0.0 - SQL Injection vulnerability |
| CVE-2024-55979 | 2024-12-16 | WordPress Wr Age Verification plugin <= 2.0.0 - SQL Injection vulnerability |
| CVE-2024-55978 | 2024-12-16 | WordPress Code Generator Pro plugin <= 1.2 - SQL Injection vulnerability |
| CVE-2024-55977 | 2024-12-16 | WordPress LaunchPage.app Importer plugin <= 1.1 - SQL Injection vulnerability |
| CVE-2024-55976 | 2024-12-16 | WordPress Critical Site Intel plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2024-55974 | 2024-12-16 | WordPress Mimoos plugin <= 1.2 - SQL Injection vulnerability |
| CVE-2024-55973 | 2024-12-16 | WordPress TSB Occasion Editor plugin <= 1.2.1 - SQL Injection vulnerability |
| CVE-2024-55972 | 2024-12-16 | WordPress eTemplates plugin <= 0.2.1 - SQL Injection vulnerability |
| CVE-2024-54422 | 2024-12-16 | WordPress Evernote Sync plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54406 | 2024-12-16 | WordPress Comments On Feed plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54403 | 2024-12-16 | WordPress Visual Recent Posts plugin <= 1.2.3 - Reflected Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54395 | 2024-12-16 | WordPress Increase Sociability plugin <= 1.3.0 - Reflected Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-54390 | 2024-12-16 | WordPress TagGator plugin <= 1.54 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54387 | 2024-12-16 | WordPress Posts Date Ranges plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54385 | 2024-12-16 | WordPress Radio Player plugin <= 2.0.82 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-54382 | 2024-12-16 | WordPress Bold Page Builder plugin <= 5.1.5 - Path Traversal vulnerability |
| CVE-2024-54380 | 2024-12-16 | WordPress WP Cookies Enabler plugin <= 1.0.1 - Local File Inclusion vulnerability |
| CVE-2024-54379 | 2024-12-16 | WordPress Minterpress plugin <= 1.0.5 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-54378 | 2024-12-16 | WordPress Quietly Insights plugin <= 1.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-54375 | 2024-12-16 | WordPress Woolook plugin <= 1.7.0 - Local File Inclusion vulnerability |
| CVE-2024-54374 | 2024-12-16 | WordPress Sogrid plugin <= 1.5.6 - Local File Inclusion vulnerability |
| CVE-2024-54370 | 2024-12-16 | WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability |
| CVE-2024-54369 | 2024-12-16 | WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability |
| CVE-2024-54368 | 2024-12-16 | WordPress GitSync plugin <= 1.1.0 - CSRF to Remote Code Execution vulnerability |
| CVE-2024-54367 | 2024-12-16 | WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability |
| CVE-2024-54365 | 2024-12-16 | WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability |
| CVE-2024-54364 | 2024-12-16 | WordPress Feedpress Generator plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54363 | 2024-12-16 | WordPress Wp NssUser Register plugin <= 1.0.0 - Privilege Escalation vulnerability |
| CVE-2024-54361 | 2024-12-16 | WordPress Instant Appointment plugin <= 1.2 - SQL Injection vulnerability |
| CVE-2024-54359 | 2024-12-16 | WordPress Banner System plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2024-54358 | 2024-12-16 | WordPress 3D Avatar User Profile plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54354 | 2024-12-16 | WordPress Termin-Kalender plugin <= 0.99.47 - Broken Access Control vulnerability |
| CVE-2024-56015 | 2024-12-16 | WordPress Tidy Up Plugin <= 1.3 - CSRF to Reflected Cross-Site Scripting vulnerability |
| CVE-2024-10972 | 2024-12-16 | WinPmem Improper Input Validation vulnerability |
| CVE-2024-12668 | 2024-12-16 | Velocidex WinPmem Out of Bounds Write Vulnerability |
| CVE-2024-37251 | 2024-12-16 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49775 | 2024-12-16 | A vulnerability has been identified in Opcenter Execution Foundation (All... |
| CVE-2024-12089 | 2024-12-16 | Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2024-12090 | 2024-12-16 | Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x |
| CVE-2024-12091 | 2024-12-16 | Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2024-12092 | 2024-12-16 | Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x |
| CVE-2024-54229 | 2024-12-16 | WordPress SV100 Companion plugin <= 2.0.02 - Privilege Escalation vulnerability |
| CVE-2024-12653 | 2024-12-16 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference |
| CVE-2024-43234 | 2024-12-16 | WordPress Woffice theme <= 5.4.14 - Unauthenticated Account Takeover vulnerability |
| CVE-2024-54249 | 2024-12-16 | WordPress Advanced Options Editor plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54257 | 2024-12-16 | WordPress tydskrif theme <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54279 | 2024-12-16 | WordPress WP-NERD Toolkit plugin <= 1.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-54280 | 2024-12-16 | WordPress WPBookit plugin <= 1.6.0 - SQL Injection vulnerability |
| CVE-2024-54283 | 2024-12-16 | WordPress SeedProd Pro plugin <= 6.18.10 - SQL Injection vulnerability |
| CVE-2024-54284 | 2024-12-16 | WordPress SeedProd Pro plugin <= 6.18.10 - SQL Injection vulnerability |
| CVE-2024-54285 | 2024-12-16 | WordPress SeedProd Pro plugin <= 6.18.10 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-54348 | 2024-12-16 | WordPress Brandy theme <= 1.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-55999 | 2024-12-16 | WordPress XML Multilanguage Sitemap Generator plugin <= 2.0.6 - Broken Access Control vulnerability |
| CVE-2024-56003 | 2024-12-16 | WordPress Caldera SMTP Mailer plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2024-54376 | 2024-12-16 | WordPress EazyDocs plugin <= 2.5.5 - Local File Inclusion vulnerability |
| CVE-2024-54357 | 2024-12-16 | WordPress Avada theme <= 7.11.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-12654 | 2024-12-16 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x220408 null pointer dereference |
| CVE-2024-11358 | 2024-12-16 | Insecure Android File Provider Paths |
| CVE-2024-12655 | 2024-12-16 | FabulaTech USB over Network IOCT ftusbbus2.sys 0x220420 null pointer dereference |
| CVE-2024-10095 | 2024-12-16 | Progress UI for WPF format provider unsafe deserialization vulnerability |