CVE List - 2024 / December
Showing 901 - 1000 of 3433 CVEs for December 2024 (Page 10 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-30479 | 2024-12-09 | WordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerability |
| CVE-2023-30476 | 2024-12-09 | WordPress Blogger Buzz theme <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2023-29433 | 2024-12-09 | WordPress tencentcloud-cos plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2023-29431 | 2024-12-09 | WordPress qTranslate X Cleanup and WPML Import plugin <= 3.0.1 - Broken Access Control vulnerability |
| CVE-2023-29429 | 2024-12-09 | WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability |
| CVE-2023-29422 | 2024-12-09 | WordPress Dynamics 365 Integration plugin <= 1.3.13 - Broken Access Control vulnerability |
| CVE-2023-29239 | 2024-12-09 | WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-29237 | 2024-12-09 | WordPress Remove Duplicate Posts plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2023-29173 | 2024-12-09 | WordPress Product Category Tree plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-28689 | 2024-12-09 | WordPress JS Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2023-28688 | 2024-12-09 | WordPress TH Variation Swatches plugin <= 1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2023-28536 | 2024-12-09 | WordPress Branded Social Images plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2023-28532 | 2024-12-09 | WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation |
| CVE-2023-28417 | 2024-12-09 | WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability |
| CVE-2023-28416 | 2024-12-09 | WordPress Chankhe theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation vulnerability |
| CVE-2023-28168 | 2024-12-09 | WordPress WordPress Console plugin <= 0.3.9 - Broken Access Control vulnerability |
| CVE-2023-28165 | 2024-12-09 | WordPress Backup Bank: WordPress Backup Plugin plugin <= 4.0.28 - Broken Access Control vulnerability |
| CVE-2023-27626 | 2024-12-09 | WordPress Stock Ticker plugin <= 3.23.0 - Broken Access Control vulnerability |
| CVE-2023-27625 | 2024-12-09 | WordPress Site Reviews plugin <= 6.5.0 - Broken Access Control vulnerability |
| CVE-2023-27454 | 2024-12-09 | WordPress Rife Elementor Extensions & Templates plugin <= 1.1.10 - Broken Access Control vulnerability |
| CVE-2023-27449 | 2024-12-09 | WordPress Total Poll Lite plugin <= 4.8.6 - Broken Access Control vulnerability |
| CVE-2023-27428 | 2024-12-09 | WordPress WP users media plugin <= 4.2.3 - Broken Access Control vulnerability |
| CVE-2023-26522 | 2024-12-09 | WordPress WP Repost plugin <= 0.1 - Broken Access Control vulnerability |
| CVE-2023-26520 | 2024-12-09 | WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2023-25993 | 2024-12-09 | WordPress Top 10 – Popular posts plugin for WordPress plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2023-25966 | 2024-12-09 | WordPress FileBird plugin <= 5.1.4 - Broken Access Control vulnerability |
| CVE-2023-25959 | 2024-12-09 | WordPress Apollo13 Framework Extensions plugin <= 1.8.10 - Broken Access Control |
| CVE-2023-25791 | 2024-12-09 | WordPress Fontiran plugin <= 2.1 - Broken Access Control vulnerability |
| CVE-2023-25714 | 2024-12-09 | WordPress Quick Paypal Payments plugin <= 5.7.25 - Broken Access Control vulnerability |
| CVE-2023-25703 | 2024-12-09 | WordPress Meta slider and carousel with lightbox plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2023-25486 | 2024-12-09 | WordPress Clone plugin <= 2.3.7 - Broken Access Control vulnerability |
| CVE-2023-25469 | 2024-12-09 | WordPress Easy Table of Contents plugin <= 2.0.45.2 - Broken Access Control vulnerability |
| CVE-2023-25455 | 2024-12-09 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2023-25454 | 2024-12-09 | WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2023-25067 | 2024-12-09 | WordPress We’re Open! plugin <= 1.45 - Broken Access Control vulnerability |
| CVE-2023-25060 | 2024-12-09 | WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2023-25048 | 2024-12-09 | WordPress Fantastic Content Protector Free plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2023-25037 | 2024-12-09 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability |
| CVE-2023-25035 | 2024-12-09 | WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability |
| CVE-2023-25026 | 2024-12-09 | WordPress PayPal Brasil para WooCommerce plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2023-24407 | 2024-12-09 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2023-24375 | 2024-12-09 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Broken Access Control vulnerability |
| CVE-2023-23986 | 2024-12-09 | WordPress Reviews and Rating – Google My Business plugin <= 4.14 - Broken Access Control vulnerability |
| CVE-2023-23975 | 2024-12-09 | WordPress Quick Event Manager plugin <= 9.7.4 - Broken Access Control vulnerability |
| CVE-2023-23895 | 2024-12-09 | WordPress WP Time Slots Booking Form plugin <= 1.1.82 - Broken Access Control vulnerability |
| CVE-2023-23893 | 2024-12-09 | WordPress Simple Giveaways plugin <= 2.48.0 - Broken Access Control vulnerability |
| CVE-2023-23887 | 2024-12-09 | WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-23886 | 2024-12-09 | WordPress WP-RecentComments plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-23868 | 2024-12-09 | WordPress Cost of Goods for WooCommerce plugin <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2023-23834 | 2024-12-09 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerability |
| CVE-2023-23825 | 2024-12-09 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability |
| CVE-2023-23823 | 2024-12-09 | WordPress Enhanced Text Widget plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2023-23814 | 2024-12-09 | WordPress Calendar Event Multi View plugin <= 1.4.13 - Broken Access Control vulnerability |
| CVE-2023-23726 | 2024-12-09 | WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.1.0 - CSRF Leading To Post Status Change Vulnerability |
| CVE-2023-23725 | 2024-12-09 | WordPress Shortcodes by Angie Makes plugin <= 3.46 - Broken Access Control vulnerability |
| CVE-2023-23716 | 2024-12-09 | WordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerability |
| CVE-2023-23715 | 2024-12-09 | WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability |
| CVE-2023-22708 | 2024-12-09 | WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2023-22701 | 2024-12-09 | WordPress Ebook Store plugin <= 5.775 - Broken Authentication vulnerability |
| CVE-2024-54223 | 2024-12-09 | WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability |
| CVE-2024-54225 | 2024-12-09 | WordPress Designer plugin <= 1.3.3 - Local File Inclusion vulnerability |
| CVE-2024-54255 | 2024-12-09 | WordPress Login Widget With Shortcode plugin <= 6.1.2 - Open Redirection vulnerability |
| CVE-2024-54226 | 2024-12-09 | WordPress Country Blocker plugin <= 3.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-54260 | 2024-12-09 | WordPress News Kit Elementor Addons plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54232 | 2024-12-09 | WordPress RRAddons for Elementor plugin <= 1.1.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54230 | 2024-12-09 | WordPress Unlock Addons for Elementor plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54228 | 2024-12-09 | WordPress Wot Elementor Widgets plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54224 | 2024-12-09 | WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54251 | 2024-12-09 | WordPress Prodigy Commerce plugin <= 3.0.9 - Broken Access Control vulnerability |
| CVE-2024-54227 | 2024-12-09 | WordPress Minimum and Maximum Quantity for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2023-48277 | 2024-12-09 | WordPress Super Progressive Web Apps plugin <= 2.2.21 - Broken Access Control vulnerability |
| CVE-2024-43222 | 2024-12-09 | WordPress Sweet Date - More than a Wordpress Dating Theme theme <= 3.7.3 - Privilege Escalation vulnerability |
| CVE-2024-53790 | 2024-12-09 | WordPress Lenxel Core plugin <= 1.2.5 - Local File Inclusion vulnerability |
| CVE-2024-53822 | 2024-12-09 | WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability |
| CVE-2024-54215 | 2024-12-09 | WordPress Revy plugin <= 1.18 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-53819 | 2024-12-09 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.0 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-54254 | 2024-12-09 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Broken Access Control vulnerability |
| CVE-2024-54253 | 2024-12-09 | WordPress Xpro Addons For Elementor plugin <= 1.4.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54247 | 2024-12-09 | WordPress ABCBiz Addons and Templates for Elementor plugin <= 2.0.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54220 | 2024-12-09 | WordPress FAT Services Booking plugin <= 5.6 - Subscriber+ Site-Wide Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54219 | 2024-12-09 | WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Site-Wide Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53818 | 2024-12-09 | WordPress PostX plugin <= 4.1.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53798 | 2024-12-09 | WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability |
| CVE-2024-53791 | 2024-12-09 | WordPress Lenxel Core plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54217 | 2024-12-09 | WordPress ARForms plugin <= 6.4.1 - Plugin Settings Change vulnerability |
| CVE-2024-53816 | 2024-12-09 | WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability |
| CVE-2024-53785 | 2024-12-09 | WordPress Chatter plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2024-52480 | 2024-12-09 | WordPress Jobify plugin <= 4.2.3 - Broken Access Control vulnerability |
| CVE-2024-52391 | 2024-12-09 | WordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerability |
| CVE-2024-52385 | 2024-12-09 | WordPress Team Member – Multi Language Supported Team plugin <= 7.3 - Limited Local File Inclusion vulnerability |
| CVE-2024-54218 | 2024-12-09 | WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2024-53814 | 2024-12-09 | WordPress Analytify plugin <= 5.4.3 - Broken Access Control vulnerability |
| CVE-2023-41953 | 2024-12-09 | WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability |
| CVE-2024-8259 | 2024-12-09 | Unauthenticated SQLi in Eryaz IT's NatraCar B2B Dealer Management Program |
| CVE-2024-53947 | 2024-12-09 | Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions |
| CVE-2024-53948 | 2024-12-09 | Apache Superset: Error verbosity exposes metadata in analytics databases |
| CVE-2024-53949 | 2024-12-09 | Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled |
| CVE-2024-49602 | 2024-12-09 | Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper... |
| CVE-2024-49603 | 2024-12-09 | Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect... |
| CVE-2024-11991 | 2024-12-09 | Uninitialized memory access in Motoko incremental garbage collector |