CVE List - 2024 / December
Showing 1501 - 1600 of 3433 CVEs for December 2024 (Page 16 of 35)
CVE ID | Date | Title |
---|---|---|
CVE-2024-54502 | 2024-12-11 | The issue was addressed with improved checks. This issue is... |
CVE-2024-54514 | 2024-12-11 | The issue was addressed with improved checks. This issue is... |
CVE-2024-44241 | 2024-12-11 | The issue was addressed with improved bounds checks. This issue... |
CVE-2024-54492 | 2024-12-11 | This issue was addressed by using HTTPS when sending information... |
CVE-2024-44200 | 2024-12-11 | This issue was addressed with improved redaction of sensitive information.... |
CVE-2024-54484 | 2024-12-11 | The issue was resolved by sanitizing logging. This issue is... |
CVE-2024-54485 | 2024-12-11 | The issue was addressed by adding additional logic. This issue... |
CVE-2024-44201 | 2024-12-11 | The issue was addressed with improved memory handling. This issue... |
CVE-2024-54493 | 2024-12-11 | This issue was addressed through improved state management. This issue... |
CVE-2024-54515 | 2024-12-11 | A logic issue was addressed with improved restrictions. This issue... |
CVE-2024-54503 | 2024-12-11 | An inconsistent user interface issue was addressed with improved state... |
CVE-2024-54489 | 2024-12-11 | A path handling issue was addressed with improved validation. This... |
CVE-2024-54466 | 2024-12-11 | An authorization issue was addressed with improved state management. This... |
CVE-2024-44299 | 2024-12-11 | The issue was addressed with improved bounds checks. This issue... |
CVE-2024-12492 | 2024-12-11 | code-projects Farmacia visualizar-usuario.php sql injection |
CVE-2024-12497 | 2024-12-11 | 1000 Projects Attendance Tracking Management System check_admin_login.php sql injection |
CVE-2024-31670 | 2024-12-12 | rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins,... |
CVE-2024-54810 | 2024-12-12 | A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul... |
CVE-2024-54811 | 2024-12-12 | A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing... |
CVE-2024-54842 | 2024-12-12 | A SQL injection vulnerability was found in phpgurukul Online Nurse... |
CVE-2024-55099 | 2024-12-12 | A SQL Injection vulnerability was found in /admin/index.php in phpgurukul... |
CVE-2024-12503 | 2024-12-12 | ClassCMS Model Management Page admin cross site scripting |
CVE-2024-12536 | 2024-12-12 | SourceCodester Kortex Lite Advocate Office Management System client_data.php cross site scripting |
CVE-2024-41146 | 2024-12-12 | Use of Multiple Resources with Duplicate Identifier (CWE-694) in the... |
CVE-2024-42407 | 2024-12-12 | Insertion of Sensitive Information into Log File (CWE-532) in the... |
CVE-2024-11442 | 2024-12-12 | Horizontal scroll image slideshow <= 10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12341 | 2024-12-12 | Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation |
CVE-2024-11430 | 2024-12-12 | SQL Chart Builder <= 2.3.6 - Authenticated (Contributor+) SQL Injection |
CVE-2024-11413 | 2024-12-12 | HostFact bestelformulier integratie <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11689 | 2024-12-12 | HQ Rental Software <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update |
CVE-2024-11279 | 2024-12-12 | Schema App Structured Data <= 2.2.4 - Reflected Cross-Site Scripting |
CVE-2024-11427 | 2024-12-12 | Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11914 | 2024-12-12 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11433 | 2024-12-12 | Surbma \| SalesAutopilot Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12461 | 2024-12-12 | WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11419 | 2024-12-12 | Password for WP <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-11443 | 2024-12-12 | de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update |
CVE-2024-11015 | 2024-12-12 | Sign In With Google <= 1.8.0 - Authentication Bypass in authenticate_user |
CVE-2024-11417 | 2024-12-12 | dejure.org Vernetzungsfunktion <= 1.97.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-11901 | 2024-12-12 | PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10111 | 2024-12-12 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass |
CVE-2024-12338 | 2024-12-12 | Website Toolbox Community <= 2.0.1 - Reflected Cross-Site Scripting via websitetoolbox_username |
CVE-2024-12260 | 2024-12-12 | Ultimate Endpoints With Rest Api <= 2.2.2 - Reflected Cross-Site Scripting |
CVE-2024-12258 | 2024-12-12 | WP Service Payment Form With Authorize.net <= 2.6.3 - Reflected Cross-Site Scripting |
CVE-2024-11683 | 2024-12-12 | Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting |
CVE-2024-11723 | 2024-12-12 | kvCORE IDX <= 2.3.35 - Reflected Cross-Site Scripting |
CVE-2024-12406 | 2024-12-12 | Library Management System <= 3.0.0 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-11891 | 2024-12-12 | Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11750 | 2024-12-12 | ONLYOFFICE DocSpace <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10910 | 2024-12-12 | Grid Plus – Unlimited grid layout <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via grid_plus_load_by_category |
CVE-2024-11875 | 2024-12-12 | Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10590 | 2024-12-12 | Opt-In Downloads <= 4.07 - Authenticated (Subscriber+) Arbitrary File Upload |
CVE-2024-11410 | 2024-12-12 | Top and footer bars for announcements, notifications, advertisements, promotions – YooBar <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11384 | 2024-12-12 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12463 | 2024-12-12 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode |
CVE-2024-10182 | 2024-12-12 | Cognito Forms <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
CVE-2024-11804 | 2024-12-12 | Planaday API <= 11.4 - Reflected Cross-Site Scripting |
CVE-2024-11459 | 2024-12-12 | Country Blocker <= 3.2 - Reflected Cross-Site Scripting |
CVE-2024-12162 | 2024-12-12 | Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting |
CVE-2024-12156 | 2024-12-12 | AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting |
CVE-2024-12441 | 2024-12-12 | BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting |
CVE-2024-11709 | 2024-12-12 | AI Post Generator \| AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion |
CVE-2024-12526 | 2024-12-12 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Cross-Site Request Forgery to Settings Update |
CVE-2024-11882 | 2024-12-12 | FAQ And Answers – Create Frequently Asked Questions Area on WP Sites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11781 | 2024-12-12 | Smart Agenda – Prise de rendez-vous en ligne <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12040 | 2024-12-12 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme' |
CVE-2024-11359 | 2024-12-12 | Library Bookshelves <= 5.8 - Reflected Cross-Site Scripting |
CVE-2024-12018 | 2024-12-12 | Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion |
CVE-2024-12072 | 2024-12-12 | Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting |
CVE-2024-11765 | 2024-12-12 | WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12172 | 2024-12-12 | WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update |
CVE-2024-10124 | 2024-12-12 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation |
CVE-2024-12255 | 2024-12-12 | Accept Stripe Payments Using Contact Form 7 <= 2.5 - Unauthenticated Information Exposure |
CVE-2024-11757 | 2024-12-12 | WP GeoNames <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11871 | 2024-12-12 | Social Media Shortcodes <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11785 | 2024-12-12 | Integrate Firebase <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11766 | 2024-12-12 | WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11052 | 2024-12-12 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.19 - Unauthenticated Stored Cross-Site Scripting via Form Calculations |
CVE-2024-12265 | 2024-12-12 | Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure |
CVE-2024-12059 | 2024-12-12 | ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read |
CVE-2024-12263 | 2024-12-12 | Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete |
CVE-2024-10010 | 2024-12-12 | LearnPress < 4.2.7.2 - Admin+ Stored XSS |
CVE-2024-10499 | 2024-12-12 | AI-Engine < 2.6.5 - Admin+ SQLi |
CVE-2024-10517 | 2024-12-12 | ProfilePress < 4.15.15 - Admin+ Stored XSS |
CVE-2024-10518 | 2024-12-12 | ProfilePress < 4.15.15 - Admin+ Stored XSS |
CVE-2024-10568 | 2024-12-12 | Ajax Search Lite < 4.12.4 - Admin+ Stored XSS |
CVE-2024-10637 | 2024-12-12 | Kadence Blocks < 3.2.54 - Admin+ Stored XSS |
CVE-2024-9428 | 2024-12-12 | Popup Builder < 4.3.5 - Admin+ Stored XSS |
CVE-2024-9641 | 2024-12-12 | LuckyWP Table of Contents < 2.1.7 - Admin+ Stored XSS |
CVE-2024-9881 | 2024-12-12 | LearnPress < 4.2.7.2 - Admin+ Stored XSS |
CVE-2024-10784 | 2024-12-12 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.126 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11181 | 2024-12-12 | Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-11727 | 2024-12-12 | NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting |
CVE-2024-10583 | 2024-12-12 | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder <= 1.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12312 | 2024-12-12 | Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection |
CVE-2024-12201 | 2024-12-12 | Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation |
CVE-2024-11724 | 2024-12-12 | Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Whitelist Script |
CVE-2024-12329 | 2024-12-12 | Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure |
CVE-2024-12564 | 2024-12-12 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ODA CDE inWEB SDK before 2025.3 |
CVE-2024-21574 | 2024-12-12 | The issue stems from a missing validation of the pip... |