VULNMAP - Security Vulnerabilities

CVE List - 2024 / December

Showing 1701 - 1800 of 3433 CVEs for December 2024 (Page 18 of 35)

CVE ID Date Title
CVE-2024-12465 2024-12-13 Property Hive Stamp Duty Calculator <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11012 2024-12-13 Notibar – Notification Bar for WordPress <= 2.1.4 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via njt_nofi_text
CVE-2024-9290 2024-12-13 Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload
CVE-2024-10783 2024-12-13 MainWP Child <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation
CVE-2024-52057 2024-12-13 Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files
CVE-2024-52058 2024-12-13 Potential arbitrary command execution in System Designer while parsing malicious HTTP/REST requests
CVE-2024-52059 2024-12-13 Potential heap buffer overflow in Security Plugins while creating a DomainParticipant that uses a malformed Identity Certificate
CVE-2024-52060 2024-12-13 Potential stack overflow when using XML configuration file referencing environment variables
CVE-2024-52061 2024-12-13 Potential stack buffer overflow when parsing an XML type
CVE-2024-52062 2024-12-13 Potential stack buffer write overflow in Connext applications while parsing malicious XML types document
CVE-2024-52063 2024-12-13 Potential stack buffer write overflow in Connext applications while parsing malicious XML types document
CVE-2024-52064 2024-12-13 Potential stack buffer write overflow in Connext applications while parsing malicious license file
CVE-2024-52065 2024-12-13 Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems
CVE-2024-52066 2024-12-13 Potential stack corruption in Routing Service when using a malicious XML configuration document
CVE-2021-32007 2024-12-13 Missing security header: Referrer-Policy URL
CVE-2024-21576 2024-12-13 ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from...
CVE-2024-21577 2024-12-13 ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains...
CVE-2024-11827 2024-12-13 Out of the Block: OpenStreetMap <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via ootb_query Shortcode
CVE-2024-9608 2024-12-13 MyParcel <= 4.24.1 - Reflected Cross-Site Scripting
CVE-2024-22461 2024-12-13 Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command...
CVE-2024-48008 2024-12-13 Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command...
CVE-2024-55889 2024-12-13 phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames
CVE-2024-11986 2024-12-13 Stored XSS in CrushFTP
CVE-2024-48007 2024-12-13 Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded...
CVE-2024-38488 2024-12-13 Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An...
CVE-2024-24902 2024-12-13 Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access...
CVE-2024-47984 2024-12-13 Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service...
CVE-2024-28980 2024-12-13 Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of...
CVE-2022-43472 2024-12-13 WordPress eRoom plugin <= 1.4.6 - Broken Access Control vulnerability
CVE-2022-45806 2024-12-13 WordPress Formidable Forms plugin <= 5.5.4 - Broken Access Control vulnerability
CVE-2022-45819 2024-12-13 WordPress Popup Maker plugin <= 1.17.1 - Broken Access Control vulnerability
CVE-2022-45826 2024-12-13 WordPress Sunshine Photo Cart plugin <= 2.9.13 - Auth. Broken Access Control vulnerability
CVE-2022-45840 2024-12-13 WordPress Auto Affiliate Links plugin <= 6.2.1.5 - Unauth. Broken Access Control vulnerability
CVE-2022-45841 2024-12-13 WordPress Robo Gallery plugin <= 3.2.9 - Auth. Broken Access Control vulnerability
CVE-2022-46795 2024-12-13 WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 4.7.2 - CSRF Plugin Settings Reset vulnerability
CVE-2022-46796 2024-12-13 WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability
CVE-2022-46807 2024-12-13 WordPress Stock Sync for WooCommerce plugin <= 2.3.2 - Broken Access Control
CVE-2022-46811 2024-12-13 WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRF
CVE-2022-46838 2024-12-13 WordPress JS Help Desk plugin <= 2.7.1 - Unauthenticated Settings Change Vulnerability
CVE-2022-46840 2024-12-13 WordPress JS Help Desk plugin <= 2.7.1 - Broken Access Control
CVE-2022-46846 2024-12-13 WordPress Trending/Popular Post Slider and Widget plugin <= 1.5.7 - Broken Access Control vulnerability
CVE-2022-47168 2024-12-13 WordPress Printful Integration for WooCommerce plugin <= 2.2.3 - Cross Site Request Forgery (CSRF)
CVE-2022-47176 2024-12-13 WordPress Depicter Slider plugin <= 1.9.0 - Broken Access Control vulnerability
CVE-2022-47182 2024-12-13 WordPress APIExperts Square for WooCommerce plugin <= 4.4.1 - Broken Access Control
CVE-2022-47594 2024-12-13 WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control
CVE-2023-22697 2024-12-13 WordPress Survey Maker plugin <= 3.2.0 - Broken Access Control vulnerability
CVE-2022-44578 2024-12-13 WordPress Owl Carousel plugin <= 0.5.3 - Broken Access Control vulnerability
CVE-2022-47429 2024-12-13 WordPress Coming Soon Landing Page and Maintenance Mode WordPress Plugin plugin <= 2.2.0 - Broken Access Control
CVE-2023-25988 2024-12-13 WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability
CVE-2023-27456 2024-12-13 WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation
CVE-2023-28990 2024-12-13 WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability
CVE-2023-30490 2024-12-13 WordPress Easing Slider plugin <= 3.0.8 - Plugin Settings Reset Vulnerability
CVE-2023-32506 2024-12-13 WordPress Link Whisper Free plugin <= 0.6.3 - Unauthenticated Broken Access Control vulnerability
CVE-2023-32507 2024-12-13 WordPress Woo Custom Emails plugin <= 2.2 - Broken Access Control vulnerability
CVE-2023-32519 2024-12-13 WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability
CVE-2023-32520 2024-12-13 WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability
CVE-2023-32574 2024-12-13 WordPress Injection Guard plugin <= 1.2.1 - Broken Access Control vulnerability
CVE-2023-32581 2024-12-13 WordPress WP-Chatbot for Messenger plugin <= 4.7 - Broken Access Control
CVE-2023-32585 2024-12-13 WordPress Portfolio Gallery – Responsive Image Gallery plugin <= 1.4.6 - Broken Access Control vulnerability
CVE-2023-32586 2024-12-13 WordPress SoundCloud Is Gold plugin <= 2.5.1 - Broken Access Control vulnerability
CVE-2023-32593 2024-12-13 WordPress GS Pins for Pinterest plugin <= 1.6.7 - Broken Access Control vulnerability
CVE-2023-32599 2024-12-13 WordPress reCAPTCHA for all plugin <= 1.22 - Broken Access Control vulnerability
CVE-2023-32601 2024-12-13 WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.12 - Broken Access Control vulnerability
CVE-2023-32798 2024-12-13 WordPress Simple Page Ordering plugin <= 2.5.0 - Broken Access Control vulnerability
CVE-2023-32963 2024-12-13 WordPress Predictive Search for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability
CVE-2023-33215 2024-12-13 WordPress Taggbox plugin <= 3.3 - Broken Access Control vulnerability
CVE-2023-33324 2024-12-13 WordPress Easy Captcha plugin <= 1.0 - Broken Access Control vulnerability
CVE-2023-33928 2024-12-13 WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability
CVE-2023-33994 2024-12-13 WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability
CVE-2023-33995 2024-12-13 WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability
CVE-2023-33996 2024-12-13 WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability
CVE-2023-33998 2024-12-13 WordPress Easy Social Icons plugin <= 3.2.5 - Broken Access Control vulnerability
CVE-2023-34009 2024-12-13 WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.1 - Broken Access Control + CSRF
CVE-2023-34014 2024-12-13 WordPress Grid Plus plugin <= 1.3.2 - Broken Access Control vulnerability
CVE-2023-34019 2024-12-13 WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability
CVE-2023-34376 2024-12-13 WordPress Change WooCommerce Add To Cart Button Text plugin <= 1.3 - Broken Access Control vulnerability
CVE-2023-34381 2024-12-13 WordPress Zippy plugin <= 1.6.2 - Broken Access Control vulnerability
CVE-2023-34387 2024-12-13 WordPress Constant Contact Forms plugin <= 2.0.3 - Broken Access Control vulnerability
CVE-2023-35037 2024-12-13 WordPress Surfer plugin <= 1.3.2.357 - Broken Access Control vulnerability
CVE-2023-35046 2024-12-13 WordPress Dynamic Visibility for Elementor plugin <= 5.0.5 - Broken Access Control vulnerability
CVE-2023-35051 2024-12-13 WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability
CVE-2023-35052 2024-12-13 WordPress Directorist plugin <= 7.5.4 - Arbitrary Content Deletion vulnerability
CVE-2023-35777 2024-12-13 WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability
CVE-2023-35875 2024-12-13 WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.8.5 - Broken Access Control vulnerability
CVE-2023-36506 2024-12-13 WordPress YITH WooCommerce Waitlist plugin <= 2.13.0 - Broken Access Control vulnerability
CVE-2023-36509 2024-12-13 WordPress CHP Ads Block Detector plugin <= 3.9.5 - Broken Access Control vulnerability
CVE-2023-36510 2024-12-13 WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability
CVE-2023-36518 2024-12-13 WordPress Post Hit Counter plugin <= 1.3.2 - Broken Access Control
CVE-2023-36519 2024-12-13 WordPress SW Product Bundles plugin <= 2.0.15 - Broken Access Control vulnerability
CVE-2023-36526 2024-12-13 WordPress Duplicate Post Page Menu & Custom Post Type plugin <= 2.4.1 - Broken Access Control vulnerability
CVE-2023-36528 2024-12-13 WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability
CVE-2023-36531 2024-12-13 WordPress LiquidPoll plugin <= 3.3.68 - Broken Access Control vulnerability
CVE-2023-36680 2024-12-13 WordPress Image Regenerate & Select Crop plugin <= 7.1.0 - Broken Access Control vulnerability
CVE-2023-36681 2024-12-13 WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin <= 2.6.2 - Broken Access Control vulnerability
CVE-2023-37887 2024-12-13 WordPress WPSchoolPress plugin <= 2.2.7 - Broken Access Control vulnerability
CVE-2023-37967 2024-12-13 WordPress DirectoryPress plugin <= 3.6.2 - Unauthenticated Broken Access Control Vulnerability
CVE-2023-37969 2024-12-13 WordPress Checkout with Zelle on Woocommerce plugin <= 3.1 - Broken Access Control vulnerability
CVE-2023-37971 2024-12-13 WordPress WooCommerce Product Stock Alert plugin <= 2.0.1 - Broken Access Control vulnerability
CVE-2023-37984 2024-12-13 WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability
CVE-2023-37987 2024-12-13 WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability