Export limit exceeded: 10506 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10506 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31086 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).This issue affects Change default login logo,url and title: from n/a through 2.0. | ||||
| CVE-2024-30546 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Login With Ajax.This issue affects Login With Ajax: from n/a through 4.1. | ||||
| CVE-2024-30541 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Optimize.This issue affects LWS Optimize: from n/a through 1.9.1. | ||||
| CVE-2024-30521 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Landingi Landingi Landing Pages.This issue affects Landingi Landing Pages: from n/a through 3.1.1. | ||||
| CVE-2024-30505 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18. | ||||
| CVE-2024-30421 | 2 Pixelite, Wordpress | 2 Events Manager, Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1. | ||||
| CVE-2024-2904 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.33. | ||||
| CVE-2024-29774 | 2 Wordpress, Wpdirectorykit | 2 Wordpress, Wp Directory Kit | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.This issue affects WP Directory Kit: from n/a through 1.2.9. | ||||
| CVE-2024-27955 | 2 Wordpress, Wp Automatic | 2 Wordpress, Automatic | 2024-11-21 | 8.3 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0. | ||||
| CVE-2024-25927 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0. | ||||
| CVE-2024-25922 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in Peach Payments Peach Payments Gateway.This issue affects Peach Payments Gateway: from n/a through 3.1.9. | ||||
| CVE-2024-25915 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2. | ||||
| CVE-2024-25908 | 2 Joomunited, Wordpress | 2 Wp Media Folder, Wordpress | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | ||||
| CVE-2024-25907 | 2 Joomunited, Wordpress | 2 Wp Media Folder, Wordpress | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | ||||
| CVE-2024-25902 | 2 Miniorange, Wordpress | 2 Malware Scanner, Wordpress | 2024-11-21 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2. | ||||
| CVE-2024-24805 | 2 Deepak Anand, Wordpress | 2 Wp Dummy Content Generator, Wordpress | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2. | ||||
| CVE-2024-24719 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. | ||||
| CVE-2024-24705 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.This issue affects Accessibility: from n/a through 1.0.6. | ||||
| CVE-2024-1566 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 6.5 Medium |
| The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could lead to undesired redirection to phishing sites or malicious web pages. | ||||
| CVE-2024-1340 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.4 Medium |
| The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist. | ||||