CVE List - 2024 / May
Showing 401 - 500 of 4994 CVEs for May 2024 (Page 5 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-4133 | 2024-05-02 | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30.... |
| CVE-2024-3724 | 2024-05-02 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up... |
| CVE-2024-2346 | 2024-05-02 | The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder... |
| CVE-2024-2967 | 2024-05-02 | The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all... |
| CVE-2024-4092 | 2024-05-02 | The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and... |
| CVE-2023-7067 | 2024-05-02 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to... |
| CVE-2024-3295 | 2024-05-02 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check... |
| CVE-2024-2765 | 2024-05-02 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL... |
| CVE-2024-2109 | 2024-05-02 | The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated... |
| CVE-2024-1533 | 2024-05-02 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due... |
| CVE-2024-3312 | 2024-05-02 | The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to... |
| CVE-2024-2084 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6... |
| CVE-2024-0908 | 2024-05-02 | The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check... |
| CVE-2024-2542 | 2024-05-02 | The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions... |
| CVE-2024-0848 | 2024-05-02 | The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘invoice’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization... |
| CVE-2024-3650 | 2024-05-02 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and... |
| CVE-2024-1173 | 2024-05-02 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter... |
| CVE-2024-3870 | 2024-05-02 | The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can... |
| CVE-2024-3287 | 2024-05-02 | The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in... |
| CVE-2024-2797 | 2024-05-02 | The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all... |
| CVE-2024-0615 | 2024-05-02 | The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,... |
| CVE-2024-3729 | 2024-05-02 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes... |
| CVE-2024-3517 | 2024-05-02 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due... |
| CVE-2024-4265 | 2024-05-02 | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to,... |
| CVE-2024-3215 | 2024-05-02 | The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This... |
| CVE-2024-3199 | 2024-05-02 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient... |
| CVE-2024-3715 | 2024-05-02 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input... |
| CVE-2024-3891 | 2024-05-02 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient... |
| CVE-2024-3197 | 2024-05-02 | The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2... |
| CVE-2024-3337 | 2024-05-02 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input... |
| CVE-2024-4085 | 2024-05-02 | The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4 due to insufficient input sanitization and... |
| CVE-2024-0629 | 2024-05-02 | The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up... |
| CVE-2024-3550 | 2024-05-02 | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.2 due to... |
| CVE-2024-3606 | 2024-05-02 | The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in... |
| CVE-2024-0613 | 2024-05-02 | The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation... |
| CVE-2024-4000 | 2024-05-02 | The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_hb' shortcode in all versions up to, and including, 1.3.6 due... |
| CVE-2024-1679 | 2024-05-02 | The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields... |
| CVE-2024-2401 | 2024-05-02 | The Admin Page Spider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.20 due to insufficient input sanitization and... |
| CVE-2024-3588 | 2024-05-02 | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient... |
| CVE-2024-4036 | 2024-05-02 | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and... |
| CVE-2024-3307 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9... |
| CVE-2024-2349 | 2024-05-02 | The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Elementor Flipbox widget in all versions up to, and including, 2.4.2 due to insufficient... |
| CVE-2024-3500 | 2024-05-02 | The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This... |
| CVE-2023-6961 | 2024-05-02 | The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization... |
| CVE-2024-1840 | 2024-05-02 | The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization... |
| CVE-2024-3233 | 2024-05-02 | The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions... |
| CVE-2024-3725 | 2024-05-02 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all... |
| CVE-2024-2082 | 2024-05-02 | The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and... |
| CVE-2024-2417 | 2024-05-02 | The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the... |
| CVE-2024-1416 | 2024-05-02 | The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all... |
| CVE-2024-1797 | 2024-05-02 | The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wp_ulike_counter' and 'wp_ulike' shortcodes in... |
| CVE-2024-2328 | 2024-05-02 | The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up... |
| CVE-2024-4034 | 2024-05-02 | The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and... |
| CVE-2024-1759 | 2024-05-02 | The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including,... |
| CVE-2024-1415 | 2024-05-02 | The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to... |
| CVE-2024-3607 | 2024-05-02 | The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12.... |
| CVE-2024-4324 | 2024-05-02 | The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9.10 due to insufficient input sanitization... |
| CVE-2024-1716 | 2024-05-02 | The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and... |
| CVE-2024-2876 | 2024-05-02 | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query'... |
| CVE-2024-4033 | 2024-05-02 | All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image |
| CVE-2024-3747 | 2024-05-02 | The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to... |
| CVE-2023-6731 | 2024-05-02 | The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and... |
| CVE-2024-3897 | 2024-05-02 | The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in... |
| CVE-2024-2960 | 2024-05-02 | The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation... |
| CVE-2024-2273 | 2024-05-02 | The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34... |
| CVE-2024-2751 | 2024-05-02 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘exad_infobox_animating_mask_style’ parameter in all versions up to, and including, 2.6.9.2 due to insufficient input... |
| CVE-2023-7030 | 2024-05-02 | The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and... |
| CVE-2023-7064 | 2024-05-02 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input... |
| CVE-2024-3743 | 2024-05-02 | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions... |
| CVE-2024-4086 | 2024-05-02 | The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing... |
| CVE-2024-3936 | 2024-05-02 | The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check... |
| CVE-2024-3340 | 2024-05-02 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input... |
| CVE-2024-2667 | 2024-05-02 | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in... |
| CVE-2024-3553 | 2024-05-02 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in... |
| CVE-2024-2752 | 2024-05-02 | The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including,... |
| CVE-2024-3601 | 2024-05-02 | The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all... |
| CVE-2024-3849 | 2024-05-02 | The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers,... |
| CVE-2024-2324 | 2024-05-02 | The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due... |
| CVE-2024-0710 | 2024-05-02 | The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes... |
| CVE-2024-4097 | 2024-05-02 | The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input... |
| CVE-2024-3473 | 2024-05-02 | The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient... |
| CVE-2024-3681 | 2024-05-02 | The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search (s) parameter in all versions up to, and including, 2.4.14 due to insufficient input... |
| CVE-2024-4215 | 2024-05-02 | The Multi Factor Authentication bypass vulnerability in pgAdmin 4 |
| CVE-2024-4216 | 2024-05-02 | XSS vulnerability in /settings/store API response json payload in pgAdmin 4 |
| CVE-2024-34391 | 2024-05-02 | libxmljs attrs type confusion RCE |
| CVE-2024-34392 | 2024-05-02 | libxmljs namespaces type confusion RCE |
| CVE-2024-34393 | 2024-05-02 | libxmljs2 attrs type confusion RCE |
| CVE-2024-34394 | 2024-05-02 | libxmljs2 namespaces type confusion RCE |
| CVE-2024-4140 | 2024-05-02 | An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024)... |
| CVE-2024-25047 | 2024-05-02 | IBM Cognos Analytics log injection |
| CVE-2024-30304 | 2024-05-02 | ZDI-CAN-23040: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30306 | 2024-05-02 | ZDI-CAN-23106: Adobe Acrobat Reader DC AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2024-30305 | 2024-05-02 | ZDI-CAN-23043: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30303 | 2024-05-02 | ZDI-CAN-23044: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30301 | 2024-05-02 | ZDI-CAN-23042: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-30302 | 2024-05-02 | ZDI-CAN-23077: Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability |
| CVE-2024-27453 | 2024-05-03 | In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI). |
| CVE-2024-29417 | 2024-05-03 | Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function. |
| CVE-2024-30851 | 2024-05-03 | Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component. |
| CVE-2024-31636 | 2024-05-03 | An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component. |