CVEs from 2024
Total
6,614
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31388 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.25. | |||
| CVE-2024-31385 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | |||
| CVE-2024-31384 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7. | |||
| CVE-2024-31383 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX.This issue affects PopularFX: from n/a through 1.2.4. | |||
| CVE-2024-31381 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight Social Media Feeds.This issue affects Spotlight Social Media Feeds: from n/a through 1.6.10. | |||
| CVE-2024-31379 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1. | |||
| CVE-2024-30546 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1. | |||
| CVE-2024-31940 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce.This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104. | |||
| CVE-2024-31938 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpress.This issue affects NewsXpress: from n/a through 1.0.7. | |||
| CVE-2024-31923 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5. | |||
| CVE-2024-31922 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov WordPress Hosting Benchmark tool.This issue affects WordPress Hosting Benchmark tool: from n/a through 1.3.6. | |||
| CVE-2024-31921 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15. | |||
| CVE-2024-31920 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Currency per Product for WooCommerce.This issue affects Currency per Product for WooCommerce: from n/a through 1.6.0. | |||
| CVE-2024-31431 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0. | |||
| CVE-2024-31428 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conference.This issue affects The Conference: from n/a through 1.2.0. | |||
| CVE-2024-31427 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Marker.Io Marker.Io.This issue affects Marker.Io : from n/a through 1.1.8. | |||
| CVE-2024-31426 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Data443 Inline Related Posts.This issue affects Inline Related Posts: from n/a through 3.3.1. | |||
| CVE-2024-31422 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Philippe Bernard Favicon.This issue affects Favicon: from n/a through 1.3.29. | |||
| CVE-2024-32437 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in impleCode eCommerce Product Catalog.This issue affects eCommerce Product Catalog: from n/a through 3.3.28. | |||
| CVE-2024-32436 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers.This issue affects Gift Vouchers: from n/a through 4.4.0. | |||
| CVE-2024-32434 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce.This issue affects Order Delivery Date for WooCommerce: from n/a through 3.20.2. | |||
| CVE-2024-32104 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.18.1. | |||
| CVE-2024-32102 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clark Crony Cronjob Manager.This issue affects Crony Cronjob Manager: from n/a through 0.5.0. | |||
| CVE-2024-32099 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail Catcher.This issue affects WP Mail Catcher: from n/a through 2.1.6. | |||
| CVE-2024-32095 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in MultiParcels MultiParcels Shipping For WooCommerce.This issue affects MultiParcels Shipping For WooCommerce: from n/a before 1.16.9. | |||
| CVE-2024-32094 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in ChurchThemes Church Content – Sermons, Events and More.This issue affects Church Content – Sermons, Events and More: from n/a through 2.6. | |||
| CVE-2024-32089 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. | |||
| CVE-2024-32088 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance M… | |||
| CVE-2024-32084 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before And After.This issue affects Before And After: from n/a through 3.9. | |||
| CVE-2024-32451 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.This issue affects Legal Pages: from n/a through 1.4.2. | |||
| CVE-2024-32450 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpTravelly.This issue affects WpTravelly: from n/a through 1.6.0. | |||
| CVE-2024-32448 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in VideoYield.Com Ads.Txt Admin.This issue affects Ads.Txt Admin: from n/a through 1.3. | |||
| CVE-2024-32447 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1. | |||
| CVE-2024-31364 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.… | |||
| CVE-2024-31360 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Coded Commerce, LLC Benchmark Email Lite.This issue affects Benchmark Email Lite: from n/a through 4.1. | |||
| CVE-2024-31354 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | |||
| CVE-2024-31305 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in rtCamp Transcoder.This issue affects Transcoder: from n/a through 1.3.5. | |||
| CVE-2024-31289 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Elementor Hello Elementor.This issue affects Hello Elementor: from n/a through 3.0.0. | |||
| CVE-2024-31271 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16. | |||
| CVE-2024-31251 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1. | |||
| CVE-2024-31250 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats.This issue affects WP Server Health Stats: from n/a through 1.7.3. | |||
| CVE-2024-31239 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3. | |||
| CVE-2024-31235 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5. | |||
| CVE-2024-31372 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1. | |||
| CVE-2024-31371 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6. | |||
| CVE-2024-32105 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts.This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.… | |||
| CVE-2024-32109 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery.This issue affects WP Matterport Shortcode: from n/a throug… | |||
| CVE-2024-32108 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types.This issue affects Convert Post Types: from n/a through 1.4. | |||
| CVE-2024-32107 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. | |||
| CVE-2024-31935 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6. | |||
| CVE-2024-31934 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.9. | |||
| CVE-2024-32112 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Leadinfo leadinfo. The patch was released under the same version which was reported as vulnerable. We consider the current version as vulnerable.Thi… | |||
| CVE-2024-25908 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | |||
| CVE-2024-24883 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. | |||
| CVE-2024-31939 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. | |||
| CVE-2024-31386 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Em… | |||
| CVE-2024-31944 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points.This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/… | |||
| CVE-2024-31943 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2. | |||
| CVE-2024-22155 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2. | |||
| CVE-2024-29225 | medium | 4.3 | 4.3 | 2y ago | ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request. | |||
| CVE-2024-31096 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4. | |||
| CVE-2024-30541 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Optimize.This issue affects LWS Optimize: from n/a through 1.9.1. | |||
| CVE-2024-30536 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Slugs Manager.This issue affects Slugs Manager: from n/a through 2.6.7. | |||
| CVE-2024-30526 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through 6.5.6. | |||
| CVE-2024-30468 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in All In One WP Security & Firewall Team All In One WP Security & Firewall.This issue affects All In One WP Security & Firewall: from n/a through 5.2.… | |||
| CVE-2024-30460 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Tumult Inc Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.11. | |||
| CVE-2024-30455 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in GamiPress.This issue affects GamiPress: from n/a through 6.8.5. | |||
| CVE-2024-30518 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0. | |||
| CVE-2024-30492 | medium | 4.3 | 4.3 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a thro… | |||
| CVE-2024-30421 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1. | |||
| CVE-2024-28004 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. | |||
| CVE-2024-2951 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0. | |||
| CVE-2024-24719 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. | |||
| CVE-2024-24711 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | |||
| CVE-2024-23520 | medium | 4.3 | 4.3 | 2y ago | Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0. | |||
| CVE-2024-24708 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.19. | |||
| CVE-2024-24837 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG P… | |||
| CVE-2024-24706 | medium | 4.3 | 4.3 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.This issue affects WP-CFM: from n/a through 1.7.8. | |||
| CVE-2024-0456 | medium | 4.3 | 4.3 | 2y ago | An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that t… | |||
| CVE-2024-47263 | medium | 4.1 | 4.1 | 2d ago | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenti… | |||
| CVE-2024-56275 | medium | 4.1 | 4.1 | 1y ago | Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14. | |||
| CVE-2024-32078 | medium | 4.1 | 4.1 | 2y ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. | |||
| CVE-2024-2097 | medium | — | — | 2y ago | RHSA-2024:1141: mysql security update (Moderate) |