CVE List - 2024 / December

Showing 1901 - 2000 of 3433 CVEs for December 2024 (Page 20 of 35)

Back to List Previous Next

CVE ID	Date	Title
CVE-2024-54297	2024-12-13	WordPress vBSSO-lite plugin <= 1.4.3 - Account Takeover vulnerability
CVE-2024-54298	2024-12-13	WordPress Car Dealer plugin <= 4.46 - Broken Access Control vulnerability
CVE-2024-54299	2024-12-13	WordPress Revi.io plugin <= 5.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54300	2024-12-13	WordPress AutoWP plugin <= 2.0.8 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-54301	2024-12-13	WordPress FormFacade plugin <= 1.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54302	2024-12-13	WordPress VForm plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54303	2024-12-13	WordPress Simple Payment plugin <= 2.3.7 - Refleceted Cross Site Scripting (XSS) vulnerability
CVE-2024-54304	2024-12-13	WordPress Hive Support plugin <= 1.1.2 - SQL Injection vulnerability
CVE-2024-54305	2024-12-13	WordPress J&T Express Malaysia plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54306	2024-12-13	WordPress AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot plugin <= 1.6.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-54307	2024-12-13	WordPress AIcomments plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-54308	2024-12-13	WordPress Cryptocurrency Price Widget plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54309	2024-12-13	WordPress PostBox plugin <= 1.0.4 - Sensitive Data Exposure vulnerability
CVE-2024-54310	2024-12-13	WordPress Gou Manage My Account Menu plugin <= 1.0.1.8 - Broken Access Control vulnerability
CVE-2024-54311	2024-12-13	WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability
CVE-2024-54312	2024-12-13	WordPress افزونه پیامک ووکامرس Persian WooCommerce SMS plugin <= 7.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54313	2024-12-13	WordPress FULL – Cliente plugin <= 3.1.25 - Local File Inclusion vulnerability
CVE-2024-54314	2024-12-13	WordPress Primary Addon for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54315	2024-12-13	WordPress Events Addon for Elementor plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54316	2024-12-13	WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54317	2024-12-13	WordPress Web Stories plugin <= 1.37.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54318	2024-12-13	WordPress NiceJob plugin <= 3.6.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54319	2024-12-13	WordPress Kundgenerator plugin <= 1.0.6 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54320	2024-12-13	WordPress ICDSoft Reseller Store plugin<= 2.4.5 -Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54321	2024-12-13	WordPress Hive Support plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-54322	2024-12-13	WordPress Media Downloader plugin <= 0.4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54323	2024-12-13	WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability
CVE-2024-54324	2024-12-13	WordPress SMSify plugin <= 6.0.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54325	2024-12-13	WordPress CarDealerPress plugin <= 6.6.2410.02 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54326	2024-12-13	WordPress GEO my WP plugin <= 4.5.0.4 - Broken Access Control vulnerability
CVE-2024-54327	2024-12-13	WordPress UNIVERSAM plugin < 8.59 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54328	2024-12-13	WordPress Invoice Payment for WooCommerce plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54329	2024-12-13	WordPress CleverNode Related Content plugin <= 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54330	2024-12-13	WordPress Hurrakify plugin <= 2.4 - Server Side Request Forgery (SSRF) vulnerability
CVE-2024-54333	2024-12-13	WordPress Check Pincode For Woocommerce plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54334	2024-12-13	WordPress Quran Phrases About Most People Shortcodes plugin <= 1.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54335	2024-12-13	WordPress ImmoToolBox Connect plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54336	2024-12-13	WordPress Projectopia plugin <= 5.1.7 - Account Takeover vulnerability
CVE-2024-54337	2024-12-13	WordPress DX Dark Site plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2024-54338	2024-12-13	WordPress Hello Event Widgets For Elementor plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54339	2024-12-13	WordPress geoFlickr plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54340	2024-12-13	WordPress Simple Presenter plugin <= 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54341	2024-12-13	WordPress LabelGrid Tools plugin <= 1.3.58 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54342	2024-12-13	WordPress Staggs plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54343	2024-12-13	WordPress Connect Contact Form 7 to Constant Contact plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54344	2024-12-13	WordPress WP Quick Shop plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54345	2024-12-13	WordPress Bicycleshop theme <= 1.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54346	2024-12-13	WordPress Barter theme <= 1.6 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54347	2024-12-13	WordPress FloristPress plugin <= 7.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-54349	2024-12-13	WordPress Plain Post plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-54351	2024-12-13	WordPress Fancy Roller Scroller plugin <= 1.4.0 - CSRF to Stored XSS vulnerability
CVE-2024-9945	2024-12-13	Limited Information Disclosure in GoAnywhere MFT Prior to 7.7.0
CVE-2024-54139	2024-12-13	Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter
CVE-2024-55661	2024-12-13	Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
CVE-2024-55887	2024-12-13	Ucum-java has an XXE vulnerability in XML parsing
CVE-2024-46971	2024-12-13	GPU DDK - UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems
CVE-2024-47892	2024-12-13	GPU DDK - UAF of kernel memory in PMRUnlockPhysAddressesOSMem for on-demand non-4KB PMRs in system memory (UMA)
CVE-2024-55890	2024-12-13	D-Tale allows Remote Code Execution through the Custom Filter Input
CVE-2024-55946	2024-12-13	Playloom Engine Data Storage Vulnerability
CVE-2024-12552	2024-12-13	Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
CVE-2024-12553	2024-12-13	GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
CVE-2023-29476	2024-12-14	In Menlo On-Premise Appliance before 2.88, web policy may not...
CVE-2024-12555	2024-12-14	SIP Calculator <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2024-11873	2024-12-14	glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11889	2024-12-14	My IDX Home Search <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11867	2024-12-14	Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11865	2024-12-14	Tabs Maker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12578	2024-12-14	Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure
CVE-2024-11755	2024-12-14	IMS Countdown <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11751	2024-12-14	TCBD Popover <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11759	2024-12-14	Bukza <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11876	2024-12-14	Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11095	2024-12-14	Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
CVE-2024-11770	2024-12-14	Post Carousel & Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11462	2024-12-14	Filestack Official <= 2.0.0 - Reflected Cross-Site Scripting
CVE-2024-11763	2024-12-14	Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12517	2024-12-14	WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11883	2024-12-14	Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12448	2024-12-14	Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12411	2024-12-14	WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More <= 2.5.4 - Reflected Cross-Site Scripting
CVE-2024-12458	2024-12-14	Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12523	2024-12-14	States Map US <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12447	2024-12-14	Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode
CVE-2024-11855	2024-12-14	Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter
CVE-2024-11894	2024-12-14	The Permalinker <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12502	2024-12-14	My IDX Home Search <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11877	2024-12-14	Cricket Live Score <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11869	2024-12-14	Buk for WordPress <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11888	2024-12-14	IDer Login for WordPress <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-9698	2024-12-14	Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files
CVE-2024-11884	2024-12-14	Wp photo text slider 50 <= 8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12501	2024-12-14	Simple Locator <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-10646	2024-12-14	Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject
CVE-2024-10690	2024-12-14	Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure
CVE-2024-12474	2024-12-14	GeoDataSource Country Region DropDown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-11752	2024-12-14	Eveeno <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12459	2024-12-14	Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-12422	2024-12-14	Import Eventbrite Events <= 1.7.4 - Reflected Cross-Site Scripting
CVE-2024-12628	2024-12-14	bodi0’s Easy Cache <= 0.8 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-12446	2024-12-14	Post to Pdf <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting