CVEs from 2024
Total
6,622
critical
critical 169
high
high 1,066
medium
medium 2,079
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-30478 | high | 7.2 | 7.2 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin.This issue affects WordPr… | |||
| CVE-2024-29100 | high | 7.2 | 7.2 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. | |||
| CVE-2024-30231 | high | 7.2 | 7.2 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. | |||
| CVE-2024-25902 | high | 7.2 | 7.2 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2. | |||
| CVE-2024-24714 | high | 7.2 | 7.2 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.This issue affects Icons Font Loader: from n/a through 1.1.4. | |||
| CVE-2024-22147 | high | 7.2 | 7.2 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.This issue affects PDF Invoices & Packi… | |||
| CVE-2024-22152 | high | 7.2 | 7.2 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. | |||
| CVE-2024-22135 | high | 7.2 | 7.2 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through… | |||
| CVE-2024-58014 | high | 7.1 | 7.1 | 7mo ago | Moderate: kernel security update | |||
| CVE-2024-50301 | high | 7.1 | 7.1 | 8mo ago | Moderate: kernel security update | |||
| CVE-2024-57929 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum… | |||
| CVE-2024-42094 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net/iucv: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask var… | |||
| CVE-2024-35967 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data without checking u… | |||
| CVE-2024-35966 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without … | |||
| CVE-2024-50033 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against mal… | |||
| CVE-2024-46743 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address … | |||
| CVE-2024-50035 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is c… | |||
| CVE-2024-35965 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. | |||
| CVE-2024-42292 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, so w… | |||
| CVE-2024-49300 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affec… | |||
| CVE-2024-57945 | high | 7.1 | 7.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as… | |||
| CVE-2024-56014 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markyis Cool Olivia allows Reflected XSS.This issue affects Olivia: from n/a through 0.9.5. | |||
| CVE-2024-56026 | high | 7.1 | 7.1 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg – SiteOrigin Simple Proxy simple-proxy allows Reflected XSS.This issue affects Simple Proxy:… | |||
| CVE-2024-12582 | high | 7.1 | 7.1 | 2y ago | A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud en… | |||
| CVE-2024-56017 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS.This issue affects Stop Registration Spam: from n/a through 1.23. | |||
| CVE-2024-54257 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3. | |||
| CVE-2024-54249 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Edit… | |||
| CVE-2024-56015 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up allows Reflected XSS.This issue affects Tidy Up: from n/a through 1.3. | |||
| CVE-2024-53821 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from … | |||
| CVE-2024-52452 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1. | |||
| CVE-2024-53750 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2. | |||
| CVE-2024-38635 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 whi… | |||
| CVE-2024-10676 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wojciechborowicz Conversion Helper conversion-helper allows Reflected XSS.This issue affects Conv… | |||
| CVE-2024-49678 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jinwen js allows Reflected XSS.This issue affects js paper: from n/a through 2.5.7. | |||
| CVE-2024-49900 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: =============… | |||
| CVE-2024-47723 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater … | |||
| CVE-2024-49248 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spacetime Ad Inserter ad-inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a t… | |||
| CVE-2024-49316 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zodiac Akismet htaccess writer akismet-htaccess-writer allows Reflected XSS.This issue affects Ak… | |||
| CVE-2024-44029 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS.This issue affects viala: from n/a through 1.3.1. | |||
| CVE-2024-46865 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be … | |||
| CVE-2024-46854 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be… | |||
| CVE-2024-35896 | high | 7.1 | 7.1 | 2y ago | Important: kernel security update | |||
| CVE-2024-40978 | high | 7.1 | 7.1 | 2y ago | Important: kernel security update | |||
| CVE-2024-26982 | high | 7.1 | 7.1 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-38659 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of… | |||
| CVE-2024-38381 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses recei… | |||
| CVE-2024-38599 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no large… | |||
| CVE-2024-38560 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from users… | |||
| CVE-2024-36916 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted righ… | |||
| CVE-2024-35849 | high | 7.1 | 7.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_log… | |||
| CVE-2024-4747 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Propovoice Propovoice CRM allows Stored XSS.This issue affects Propovoice CRM: from n/a through 1… | |||
| CVE-2024-34818 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through 1.33.17. | |||
| CVE-2024-34431 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-etracker WP etracker allows Reflected XSS.This issue affects WP etracker: from n/a through 1.0… | |||
| CVE-2024-34369 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n… | |||
| CVE-2024-34367 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2. | |||
| CVE-2024-33924 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Organic IDX plugin allows Reflected XSS.This issue affects Realtyna Organic IDX… | |||
| CVE-2024-33946 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPify s.R.O. WPify Woo Czech allows Reflected XSS.This issue affects WPify Woo Czech: from n/a th… | |||
| CVE-2024-33681 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3. | |||
| CVE-2024-33562 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5. | |||
| CVE-2024-33548 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10. | |||
| CVE-2024-33646 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5. | |||
| CVE-2024-33645 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS.This issue affects Eas… | |||
| CVE-2024-33633 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons F… | |||
| CVE-2024-4077 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign allows Reflected XSS.This issue affects UDesign: from n/a through 4.7.3. | |||
| CVE-2024-32958 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannidis Slash Admin allows Cross-Site Scripting (XSS).This issue affects Slash Admin: from n/a through 3.8.1. | |||
| CVE-2024-32789 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross-Site Scripting (XSS).This issue affects Seers: from n/a through 8.1.0. | |||
| CVE-2024-32952 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BloomPixel Max Addons Pro for Bricks allows Reflected XSS.This issue affects Max Addons Pro for B… | |||
| CVE-2024-32950 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeBAAT WP Media Category Management allows Reflected XSS.This issue affects WP Media Category Man… | |||
| CVE-2024-32695 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.This issue affects Language Switc… | |||
| CVE-2024-32694 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plu… | |||
| CVE-2024-32582 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager allows Stored XSS.This issue affects Debug Log Manager: from n/a through 2… | |||
| CVE-2024-32574 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Reflected XSS.This issue affects WP Simple HTML Sitema… | |||
| CVE-2024-32570 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Archetyped Cornerstone allows Reflected XSS.This issue affects Cornerstone: from n/a through 0.8.… | |||
| CVE-2024-32563 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VikBooking Hotel Booking Engine & PMS allows Reflected XSS.This issue affects VikBooking Hotel Bo… | |||
| CVE-2024-32559 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post allows Reflected XSS.This issue affects WP 404 Auto R… | |||
| CVE-2024-32558 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog allows Reflected XSS.This issue affects eCommerce Product Cat… | |||
| CVE-2024-32595 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mat Bao Corp WP Helper Premium allows Reflected XSS.This issue affects WP Helper Premium: from n/… | |||
| CVE-2024-32588 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Impo… | |||
| CVE-2024-32531 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Everest themes GuCherry Blog allows Reflected XSS.This issue affects GuCherry Blog: from n/a thro… | |||
| CVE-2024-32528 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS.This issue affects WP Dynamic Keywords I… | |||
| CVE-2024-32510 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Loopus WP Cost Estimation & Payment Forms Builder allows Reflected XSS.This issue affects WP Cost… | |||
| CVE-2024-32546 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Bowen Tax Rate Upload allows Reflected XSS.This issue affects Tax Rate Upload: from n/a thro… | |||
| CVE-2024-32545 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Canva Canva – Design beautiful blog graphics allows Reflected XSS.This issue affects Canva – Desi… | |||
| CVE-2024-32544 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through 2.8. | |||
| CVE-2024-32543 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Minoji MJ Update History allows Reflected XSS.This issue affects MJ Update History: from n/a thro… | |||
| CVE-2024-32542 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Organic Themes Bulk Block Converter allows Reflected XSS.This issue affects Bulk Block Converter:… | |||
| CVE-2024-32541 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Battenberg WP-Cufon allows Stored XSS.This issue affects WP-Cufon: from n/a through 1.6.10. | |||
| CVE-2024-32535 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jojaba Access Category Password allows Reflected XSS.This issue affects Access Category Password:… | |||
| CVE-2024-32533 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Shaw LH Add Media From Url allows Reflected XSS.This issue affects LH Add Media From Url: f… | |||
| CVE-2024-32550 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in BMI Adult & Kid Calculator allows Stored XSS.This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.1. | |||
| CVE-2024-32549 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Microkid Related Posts for WordPress allows Cross-Site Scripting (XSS).This issue affects Related Posts for WordPress: from n/a through 4.0.3. | |||
| CVE-2024-31093 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov Broken Images allows Cross-Site Scripting (XSS).This issue affects Broken Images: from n/a through 0.2. | |||
| CVE-2024-31086 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from… | |||
| CVE-2024-30545 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social Author Bio allows Stored XSS.This issue affects Social Author Bio: from n/a through 2.4. | |||
| CVE-2024-31285 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3. | |||
| CVE-2024-27992 | high | 7.1 | 7.1 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.This issue affects Link Whisper Free: from n/… | |||
| CVE-2024-31299 | high | 7.1 | 7.1 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.… | |||
| CVE-2024-31367 | high | 7.1 | 7.1 | 2y ago | Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2. | |||
| CVE-2024-31366 | high | 7.1 | 7.1 | 2y ago | Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | |||
| CVE-2024-31291 | high | 7.1 | 7.1 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.6. |