CVE List - 2024 / March
Showing 1201 - 1300 of 3299 CVEs for March 2024 (Page 13 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-0830 | 2024-03-13 | The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing... |
| CVE-2024-1684 | 2024-03-13 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox... |
| CVE-2023-6825 | 2024-03-13 | The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via... |
| CVE-2023-7015 | 2024-03-13 | The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization... |
| CVE-2024-0896 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due... |
| CVE-2024-1391 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12... |
| CVE-2023-6809 | 2024-03-13 | The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input... |
| CVE-2024-0631 | 2024-03-13 | The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and... |
| CVE-2024-0681 | 2024-03-13 | The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the... |
| CVE-2024-1074 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2... |
| CVE-2024-0898 | 2024-03-13 | The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in... |
| CVE-2024-0700 | 2024-03-13 | The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input... |
| CVE-2024-1951 | 2024-03-13 | The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via... |
| CVE-2024-1505 | 2024-03-13 | The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due... |
| CVE-2023-5663 | 2024-03-13 | The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user... |
| CVE-2024-1497 | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to... |
| CVE-2024-1393 | 2024-03-13 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12... |
| CVE-2024-0683 | 2024-03-13 | The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes... |
| CVE-2024-1365 | 2024-03-13 | The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input... |
| CVE-2024-2030 | 2024-03-13 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3... |
| CVE-2024-0369 | 2024-03-13 | The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to,... |
| CVE-2024-0829 | 2024-03-13 | The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or... |
| CVE-2024-1541 | 2024-03-13 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including,... |
| CVE-2024-0377 | 2024-03-13 | The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all... |
| CVE-2024-1126 | 2024-03-13 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all... |
| CVE-2024-1806 | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s)... |
| CVE-2024-2028 | 2024-03-13 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient... |
| CVE-2024-2286 | 2024-03-13 | The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper... |
| CVE-2024-1080 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the heading tag in all versions up to, and including, 2.7.4.4... |
| CVE-2024-1311 | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and... |
| CVE-2024-0827 | 2024-03-13 | The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4.... |
| CVE-2024-1499 | 2024-03-13 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including,... |
| CVE-2024-1038 | 2024-03-13 | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due... |
| CVE-2024-2194 | 2024-03-13 | The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization... |
| CVE-2024-1723 | 2024-03-13 | The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and... |
| CVE-2024-0368 | 2024-03-13 | The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys.... |
| CVE-2024-1489 | 2024-03-13 | The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or... |
| CVE-2024-2252 | 2024-03-13 | The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to,... |
| CVE-2024-1950 | 2024-03-13 | The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted... |
| CVE-2024-1793 | 2024-03-13 | The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id'... |
| CVE-2023-6957 | 2024-03-13 | The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input... |
| CVE-2024-1413 | 2024-03-13 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient... |
| CVE-2024-0687 | 2024-03-13 | The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes... |
| CVE-2024-1751 | 2024-03-13 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1... |
| CVE-2024-1894 | 2024-03-13 | The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including,... |
| CVE-2024-1291 | 2024-03-13 | The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient... |
| CVE-2024-2239 | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient... |
| CVE-2024-2237 | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input... |
| CVE-2024-1996 | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient... |
| CVE-2024-1997 | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12... |
| CVE-2024-2238 | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient... |
| CVE-2024-1668 | 2024-03-13 | The Avada \| Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page.... |
| CVE-2024-2000 | 2024-03-13 | The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12... |
| CVE-2024-24549 | 2024-03-13 | Apache Tomcat: HTTP/2 header handling DoS |
| CVE-2024-23672 | 2024-03-13 | Apache Tomcat: WebSocket DoS with incomplete closing handshake |
| CVE-2024-26630 | 2024-03-13 | mm: cachestat: fix folio read-after-free in cache walk |
| CVE-2024-25097 | 2024-03-13 | WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-25099 | 2024-03-13 | WordPress Paytium: Mollie payment forms & donations Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-0161 | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary... |
| CVE-2024-25101 | 2024-03-13 | WordPress Maspik – Spam blacklist Plugin <= 0.10.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-27952 | 2024-03-13 | WordPress Advanced Sermons plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-0162 | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound... |
| CVE-2024-0163 | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise... |
| CVE-2024-27953 | 2024-03-13 | WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control |
| CVE-2024-20327 | 2024-03-13 | A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to... |
| CVE-2024-0154 | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of... |
| CVE-2024-20320 | 2024-03-13 | A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could... |
| CVE-2024-20266 | 2024-03-13 | A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting... |
| CVE-2024-20322 | 2024-03-13 | A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a... |
| CVE-2024-20315 | 2024-03-13 | A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a... |
| CVE-2024-20318 | 2024-03-13 | A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in... |
| CVE-2024-20262 | 2024-03-13 | A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system... |
| CVE-2024-20319 | 2024-03-13 | A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network... |
| CVE-2024-0173 | 2024-03-13 | Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of... |
| CVE-2024-28196 | 2024-03-13 | Clickjacking in your_spotify |
| CVE-2024-28195 | 2024-03-13 | Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify |
| CVE-2024-2431 | 2024-03-13 | GlobalProtect App: Local User Can Disable GlobalProtect |
| CVE-2024-2432 | 2024-03-13 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability |
| CVE-2024-2433 | 2024-03-13 | PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss |
| CVE-2024-2418 | 2024-03-13 | SourceCodester Best POS Management System view_order.php sql injection |
| CVE-2024-2403 | 2024-03-13 | Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access... |
| CVE-2024-28194 | 2024-03-13 | Authentication Bypass Because of Hardcoded JWT Secret in your_spotify |
| CVE-2024-0799 | 2024-03-13 | Authentication Bypass via wizardLogin in Arcserve Unified Data Protection |
| CVE-2024-0800 | 2024-03-13 | Authentication Bypass via wizardLogin in Arcserve Unified Data Protection |
| CVE-2024-0801 | 2024-03-13 | Unauthenticated DoS in Arcserve Unified Data Protection |
| CVE-2024-24692 | 2024-03-13 | Zoom Rooms Client for Windows - Race Condition |
| CVE-2024-24693 | 2024-03-13 | Zoom Rooms Client for Windows - Improper Access Control |
| CVE-2024-28192 | 2024-03-13 | NoSQL Injection Leading to Authentication Bypass in your_spotify |
| CVE-2024-28193 | 2024-03-13 | Disclosure of Spotify API Access Tokens to Guest Users Using Public Tokens in your_spotify |
| CVE-2024-27102 | 2024-03-13 | Improper isolation of server file access in github.com/pterodactyl/wings |
| CVE-2024-27097 | 2024-03-13 | Potential log injection in reset user endpoint in ckan |
| CVE-2024-22167 | 2024-03-13 | SanDisk PrivateAccess DLL Hijacking Vulnerability |
| CVE-2024-28175 | 2024-03-13 | Cross-site scripting on application summary component in argo-cd |
| CVE-2023-50726 | 2024-03-13 | Users with `create` but not `override` privileges can perform local sync in argo-cd |
| CVE-2023-38534 | 2024-03-13 | Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC. |
| CVE-2023-38535 | 2024-03-13 | Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys. |
| CVE-2023-38536 | 2024-03-13 | HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting. |
| CVE-2020-11862 | 2024-03-13 | Insecure renegotiation in SSL protocol caused Denial of service attack in Privileged Account Manager |
| CVE-2024-2079 | 2024-03-13 | The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1 due... |
| CVE-2024-2242 | 2024-03-13 | The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization... |