Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-9290 The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migr... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-10590 The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This ma... | 8.8 | HIGH | — | 0 |
| CVE-2024-10910 The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. Th... | 7.3 | HIGH | — | 0 |
| CVE-2024-11459 The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and out... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11709 The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all ver... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-11723 The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page, kvcoreidx_ag... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11750 The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to insufficie... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11804 The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and outp... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11875 The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to insufficient... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11891 The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient i... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12156 The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12162 The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insuffici... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-10124 The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-11359 The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includin... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-11757 The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11765 The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfol... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11766 The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortc... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11781 The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 du... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11785 The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11871 The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-11882 The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and i... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12018 The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as auth... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-12040 The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wc... | 8.8 | HIGH | — | 0 |
| CVE-2024-12172 The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the w... | 7.5 | HIGH | — | 0 |
| CVE-2024-12263 The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-12265 The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint i... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-11727 The NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Sc... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-12312 The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-p... | 8.1 | HIGH | — | 0 |
| CVE-2024-11760 The Currency Converter Widget ⚡ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-12160 The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versi... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12333 The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does n... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-12401 A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the ce... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-21574 The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This a... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-54104 Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.2 | MEDIUM | — | 0 |
| CVE-2024-54105 Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 5.1 | MEDIUM | — | 0 |
| CVE-2024-54106 Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 7.1 | HIGH | — | 0 |
| CVE-2024-54111 Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 5.7 | MEDIUM | — | 0 |
| CVE-2024-54114 Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. | 4.4 | MEDIUM | — | 0 |
| CVE-2024-54115 Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-54116 Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-54117 Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.2 | MEDIUM | — | 0 |
| CVE-2021-32007 This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote se... | 3.5 | LOW | — | 0 |
| CVE-2024-12271 The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization ... | 4.4 | MEDIUM | — | 0 |
| CVE-2024-54118 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2024-21575 ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension ... | 8.6 | HIGH | — | 0 |
| CVE-2024-55875 http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML conten... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-55878 SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execu... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-55888 Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any c... | 7.1 | HIGH | — | 0 |
| CVE-2024-12212 The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures,... | 7.8 | HIGH | — | 0 |
| CVE-2024-9508 Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code. | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.