CVE List - 2024 / May
Showing 301 - 400 of 4994 CVEs for May 2024 (Page 4 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-33950 | 2024-05-02 | WordPress Archives Calendar Widget plugin <= 1.0.15 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-28798 | 2024-05-02 | Out-of-bounds write to heap in pacparser |
| CVE-2023-41970 | 2024-05-02 | Repair App local code execution with arbitrary privileges |
| CVE-2023-41971 | 2024-05-02 | Windows ZCC Upgrade DoS And Privilege Escalation Through RPC Control |
| CVE-2024-23459 | 2024-05-02 | Multiple Arbitrary Creates/Overwrites by link following |
| CVE-2024-23461 | 2024-05-02 | ZCC macOS Upgrade ZIP Bomb DoS |
| CVE-2024-23462 | 2024-05-02 | ZCC Mac validinstaller file integrity check missing |
| CVE-2023-37244 | 2024-05-02 | Privilege escalation in N-Able's AutomationManagerAgent |
| CVE-2024-4128 | 2024-05-02 | CSRF in firebase-tools emulator suite |
| CVE-2024-34144 | 2024-05-02 | A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass... |
| CVE-2024-34145 | 2024-05-02 | A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts,... |
| CVE-2024-34146 | 2024-05-02 | Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public... |
| CVE-2024-34147 | 2024-05-02 | Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with... |
| CVE-2024-34148 | 2024-05-02 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property... |
| CVE-2024-30251 | 2024-05-02 | Denial of service when trying to parse malformed POST requests in aiohttp |
| CVE-2024-34061 | 2024-05-02 | Reflected cross site scripting in changedetection.io |
| CVE-2024-3543 | 2024-05-02 | LoadMaster Reversible Password Encryption Algorithm |
| CVE-2024-3544 | 2024-05-02 | LoadMaster Hardcoded SSH Key |
| CVE-2023-47727 | 2024-05-02 | IBM QRadar Suite Software file manipulation |
| CVE-2024-4029 | 2024-05-02 | Wildfly: no timeout for eap management interface may lead to denial of service (dos) |
| CVE-2024-4405 | 2024-05-02 | Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability |
| CVE-2024-4406 | 2024-05-02 | Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability |
| CVE-2024-4433 | 2024-05-02 | WordPress Simple Image Popup plugin <= 2.4.0 - Cross-Site Scripting (XSS) vulnerability |
| CVE-2024-33949 | 2024-05-02 | WordPress Min and Max Purchase for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33948 | 2024-05-02 | WordPress TweetScroll Widget plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-1945 | 2024-05-02 | The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check... |
| CVE-2023-6962 | 2024-05-02 | The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for... |
| CVE-2024-3023 | 2024-05-02 | The AnnounceKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping.... |
| CVE-2024-3581 | 2024-05-02 | The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the add_media_library_images_to_gallery function in all versions up to, and including, 6.4.2. This... |
| CVE-2024-3585 | 2024-05-02 | The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all... |
| CVE-2024-2831 | 2024-05-02 | The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied... |
| CVE-2024-3520 | 2024-05-02 | The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up... |
| CVE-2024-3074 | 2024-05-02 | The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image box widget in all versions up to, and including, 1.2.8 due to insufficient input sanitization... |
| CVE-2024-1348 | 2024-05-02 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5... |
| CVE-2024-2085 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including,... |
| CVE-2024-1959 | 2024-05-02 | The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due... |
| CVE-2024-3107 | 2024-05-02 | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with... |
| CVE-2024-2345 | 2024-05-02 | The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and... |
| CVE-2024-1896 | 2024-05-02 | The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to,... |
| CVE-2024-4083 | 2024-05-02 | The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce... |
| CVE-2024-3717 | 2024-05-02 | The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the... |
| CVE-2024-2840 | 2024-05-02 | The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing... |
| CVE-2024-3957 | 2024-05-02 | The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and... |
| CVE-2024-4334 | 2024-05-02 | The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typing_cursor’ parameter in versions up to, and... |
| CVE-2024-0847 | 2024-05-02 | The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect... |
| CVE-2024-3047 | 2024-05-02 | The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can... |
| CVE-2024-4003 | 2024-05-02 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team... |
| CVE-2024-3206 | 2024-05-02 | The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax()... |
| CVE-2024-3985 | 2024-05-02 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due... |
| CVE-2024-4156 | 2024-05-02 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_event_text_color’ parameter in versions up... |
| CVE-2024-3728 | 2024-05-02 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery & Interactive... |
| CVE-2024-3554 | 2024-05-02 | The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... |
| CVE-2024-2503 | 2024-05-02 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient... |
| CVE-2024-1584 | 2024-05-02 | The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the... |
| CVE-2024-3045 | 2024-05-02 | The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient... |
| CVE-2024-3021 | 2024-05-02 | The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input... |
| CVE-2024-2750 | 2024-05-02 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3... |
| CVE-2024-3675 | 2024-05-02 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all... |
| CVE-2024-3546 | 2024-05-02 | The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to,... |
| CVE-2024-3308 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all versions up to, and including,... |
| CVE-2024-1841 | 2024-05-02 | The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization... |
| CVE-2024-3341 | 2024-05-02 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5... |
| CVE-2024-1897 | 2024-05-02 | The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of... |
| CVE-2024-3338 | 2024-05-02 | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input... |
| CVE-2024-2661 | 2024-05-02 | The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the... |
| CVE-2024-3885 | 2024-05-02 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient... |
| CVE-2024-3895 | 2024-05-02 | The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including,... |
| CVE-2024-3819 | 2024-05-02 | The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to... |
| CVE-2024-3071 | 2024-05-02 | The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including,... |
| CVE-2024-3161 | 2024-05-02 | The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input... |
| CVE-2024-3647 | 2024-05-02 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to... |
| CVE-2024-3599 | 2024-05-02 | The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete()... |
| CVE-2024-3734 | 2024-05-02 | The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary... |
| CVE-2024-1572 | 2024-05-02 | The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization... |
| CVE-2024-2867 | 2024-05-02 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter... |
| CVE-2024-4203 | 2024-05-02 | The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient... |
| CVE-2024-3674 | 2024-05-02 | The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdoc' shortcode in all versions up to, and including, 0.13.2 due to insufficient... |
| CVE-2024-2790 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and including, 2.4.8 due to... |
| CVE-2023-6214 | 2024-05-02 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchased_products function. This... |
| CVE-2024-1396 | 2024-05-02 | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.5 due... |
| CVE-2024-3991 | 2024-05-02 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id... |
| CVE-2024-1678 | 2024-05-02 | The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it... |
| CVE-2024-3275 | 2024-05-02 | The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes... |
| CVE-2024-3499 | 2024-05-02 | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage Scroll module.... |
| CVE-2024-3670 | 2024-05-02 | The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including,... |
| CVE-2024-1688 | 2024-05-02 | The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and... |
| CVE-2024-3942 | 2024-05-02 | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check... |
| CVE-2024-2958 | 2024-05-02 | The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing table settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization... |
| CVE-2024-1842 | 2024-05-02 | The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization... |
| CVE-2024-3649 | 2024-05-02 | The Contact Form by WPForms – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is... |
| CVE-2024-2043 | 2024-05-02 | The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading... |
| CVE-2024-1677 | 2024-05-02 | The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of... |
| CVE-2024-1993 | 2024-05-02 | The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.0 due to insufficient input sanitization and... |
| CVE-2024-3489 | 2024-05-02 | The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient... |
| CVE-2024-2959 | 2024-05-02 | The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation... |
| CVE-2024-1567 | 2024-05-02 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to,... |
| CVE-2024-1805 | 2024-05-02 | The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and... |
| CVE-2024-1809 | 2024-05-02 | The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX... |
| CVE-2024-3677 | 2024-05-02 | The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient... |
| CVE-2024-1386 | 2024-05-02 | The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and... |