Lista CVE - 2024 / Marzo
Visualizzazione 3101 - 3200 di 3299 CVE per Marzo 2024 (Pagina 32 di 33)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-1872 | 2024-03-29 | The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the button_shortcode function. This makes... |
| CVE-2024-0956 | 2024-03-29 | The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter... |
| CVE-2024-2280 | 2024-03-29 | The Better Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget link URL values in all versions up to, and including, 1.4.1 due to insufficient... |
| CVE-2024-2250 | 2024-03-29 | The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including,... |
| CVE-2024-2409 | 2024-03-29 | The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function... |
| CVE-2024-2411 | 2024-03-29 | The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated... |
| CVE-2023-52629 | 2024-03-29 | sh: push-switch: Reorder cleanup operations to avoid use-after-free bug |
| CVE-2024-3061 | 2024-03-29 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This... |
| CVE-2024-2848 | 2024-03-29 | The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2.... |
| CVE-2024-23449 | 2024-03-29 | Elasticsearch Uncaught Exception |
| CVE-2023-6047 | 2024-03-29 | Reflected XSS in Algoritim E-commerce Software |
| CVE-2023-6191 | 2024-03-29 | SQLi in WebPDKS |
| CVE-2024-3078 | 2024-03-29 | Qdrant Full Snapshot REST API snapshots.rs path traversal |
| CVE-2024-30520 | 2024-03-29 | WordPress Carousel Anything For WPBakery Page Builder plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30519 | 2024-03-29 | WordPress Lordicon Animated Icons plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30503 | 2024-03-29 | WordPress Mailster plugin <= 4.0.6 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30483 | 2024-03-29 | WordPress Sponsors plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30458 | 2024-03-29 | WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30457 | 2024-03-29 | WordPress MDTF plugin <= 1.3.3.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30456 | 2024-03-29 | WordPress WPCS – WordPress Currency Switcher Professional plugin <=1.2.0.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2022-47153 | 2024-03-29 | WordPress Jobeleon theme <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30423 | 2024-03-29 | WordPress Better Elementor Addons plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30425 | 2024-03-29 | WordPress Beaver Builder – WordPress Page Builder plugin <= 2.7.4.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30426 | 2024-03-29 | WordPress Hash Elements plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30427 | 2024-03-29 | WordPress Spiffy Calendar plugin <= 4.9.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30428 | 2024-03-29 | WordPress Contest Gallery plugin <= 21.3.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30429 | 2024-03-29 | WordPress wp-forecast plugin <= 9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30430 | 2024-03-29 | WordPress FluentCRM plugin <= 2.8.44 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30500 | 2024-03-29 | WordPress CubeWP plugin <= 1.1.12 - Arbitrary File Upload vulnerability |
| CVE-2024-30510 | 2024-03-29 | WordPress Salon booking system plugin <= 9.5 - Arbitrary File Upload vulnerability |
| CVE-2024-30478 | 2024-03-29 | WordPress Announcement & Notification Banner – Bulletin plugin <= 3.8.5 - SQL Injection vulnerability |
| CVE-2024-30486 | 2024-03-29 | WordPress Media Library Folders plugin <= 8.1.7 - Auth. SQL Injection vulnerability |
| CVE-2024-30487 | 2024-03-29 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.1 - Broken Access Control vulnerability |
| CVE-2024-30488 | 2024-03-29 | WordPress Zotpress plugin <= 7.3.7 - SQL Injection vulnerability |
| CVE-2024-30490 | 2024-03-29 | WordPress ProfileGrid plugin <= 5.7.8 - SQL Injection vulnerability |
| CVE-2024-30491 | 2024-03-29 | WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - SQL Injection vulnerability |
| CVE-2024-30493 | 2024-03-29 | WordPress Church Admin plugin <= 4.1.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30494 | 2024-03-29 | WordPress OSS Aliyun plugin <= 1.4.10 - SQL Injection vulnerability |
| CVE-2024-30495 | 2024-03-29 | WordPress Falang multilanguage for WordPress plugin <= 1.3.47 - SQL Injection vulnerability |
| CVE-2024-30496 | 2024-03-29 | WordPress Element Pack Lite plugin <= 5.5.3 - SQL Injection vulnerability |
| CVE-2024-30497 | 2024-03-29 | WordPress WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.17 - SQL Injection vulnerability |
| CVE-2024-30498 | 2024-03-29 | WordPress CRM Perks Forms plugin <= 1.1.4 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-30499 | 2024-03-29 | WordPress CRM Perks Forms plugin <= 1.1.4 - SQL Injection vulnerability |
| CVE-2024-30501 | 2024-03-29 | WordPress Download Monitor theme <= 4.9.4 - Auth. SQL Injection vulnerability |
| CVE-2024-30502 | 2024-03-29 | WordPress WP Travel Engine plugin <= 5.7.9 - Unauth. Blind SQL Injection vulnerability |
| CVE-2024-30504 | 2024-03-29 | WordPress WP Travel Engine plugin <= 5.7.9 - SQL Injection vulnerability |
| CVE-2024-30505 | 2024-03-29 | WordPress Church Admin plugin <= 4.1.18 - Broken Access Control vulnerability |
| CVE-2024-30506 | 2024-03-29 | WordPress All In One Redirection plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30507 | 2024-03-29 | WordPress Molongui Authorship plugin <= 4.7.7 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-30508 | 2024-03-29 | WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability |
| CVE-2024-28867 | 2024-03-29 | Swift Prometheus un-sanitized metric name or labels can be used to take over exported metrics |
| CVE-2024-3081 | 2024-03-29 | EasyCorp EasyAdmin Autocomplete autocomplete.js cross site scripting |
| CVE-2024-23539 | 2024-03-29 | Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries. |
| CVE-2024-23538 | 2024-03-29 | Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries. |
| CVE-2024-23537 | 2024-03-29 | Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role. |
| CVE-2024-29024 | 2024-03-29 | JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality |
| CVE-2024-29020 | 2024-03-29 | JumpServer allows nn authorized attacker to get sensitive information in playbook files when playbook_id is leaked |
| CVE-2024-29201 | 2024-03-29 | JumpServer's insecure Ansible playbook validation leads to RCE in Celery |
| CVE-2024-29202 | 2024-03-29 | JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery |
| CVE-2024-29890 | 2024-03-29 | Remote code execution in datalens-ui |
| CVE-2024-29893 | 2024-03-29 | Uncontrolled Resource Consumption vulnerability in ArgoCD's repo server |
| CVE-2024-29900 | 2024-03-29 | @electron/packager's build process memory potentially leaked into final executable |
| CVE-2024-29901 | 2024-03-29 | @workos-inc/authkit-nextjs session replay vulnerability |
| CVE-2024-29904 | 2024-03-29 | CodeIgniter4 Language class DoS Vulnerability |
| CVE-2024-30492 | 2024-03-29 | WordPress Export and Import Users and Customers plugin <= 2.5.2 - Path Traversal vulnerability |
| CVE-2024-30514 | 2024-03-29 | WordPress Paid Memberships Pro – Payfast Gateway Add On plugin <= 1.4.1 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-30511 | 2024-03-29 | WordPress FG PrestaShop to WooCommerce plugin <= 4.45.1 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-30469 | 2024-03-29 | WordPress Wholesale For WooCommerce plugin <= 2.3.0 - Unauthenticated Sensitive Data Exposure vulnerability |
| CVE-2024-30513 | 2024-03-29 | WordPress ProfileGrid plugin <= 5.7.2 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-30246 | 2024-03-29 | Tuleap deleting or moving an artifact can delete values from unrelated artifacts |
| CVE-2024-30521 | 2024-03-29 | WordPress Landingi Landing Pages plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30518 | 2024-03-29 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30247 | 2024-03-29 | Command Injection as root in NextCloudPi web panel |
| CVE-2024-30482 | 2024-03-29 | WordPress Simple Revisions Delete plugin <= 1.5.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30477 | 2024-03-29 | WordPress Klarna Payments for WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2024-30468 | 2024-03-29 | WordPress All-In-One Security (AIOS) – Security and Firewall plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30463 | 2024-03-29 | WordPress BEAR plugin <= 1.1.4.3 - Broken Access Control vulnerability |
| CVE-2024-30462 | 2024-03-29 | WordPress HUSKY plugin <= 1.3.5.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-25944 | 2024-03-29 | Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the... |
| CVE-2024-30454 | 2024-03-29 | WordPress WP SMS plugin <= 6.6.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30460 | 2024-03-29 | WordPress Tumult Hype Animations plugin <= 1.9.11 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30455 | 2024-03-29 | WordPress GamiPress plugin <= 6.8.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-30453 | 2024-03-29 | WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-30452 | 2024-03-29 | WordPress Landing Page Builder plugin <= 1.5.1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30451 | 2024-03-29 | WordPress Geo Controller plugin <= 8.6.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30450 | 2024-03-29 | WordPress OpenStreetMap for Gutenberg and WPBakery Page Builder plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30449 | 2024-03-29 | WordPress Booking Activities plugin <= 1.15.19 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30448 | 2024-03-29 | WordPress Slider by Supsystic plugin <= 1.8.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-3094 | 2024-03-29 | Xz: malicious code in distributed source |
| CVE-2024-30447 | 2024-03-29 | WordPress Creative Image Slider plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30446 | 2024-03-29 | WordPress CRM Perks Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30445 | 2024-03-29 | WordPress Web Icons plugin <= 1.0.0.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30444 | 2024-03-29 | WordPress WordPress Page Builder – Zion Builder plugin <= 3.6.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30443 | 2024-03-29 | WordPress GS Testimonial Slider plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30442 | 2024-03-29 | WordPress Bold Page Builder plugin <= 4.8.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30441 | 2024-03-29 | WordPress Combo Blocks plugin <= 2.2.74 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30440 | 2024-03-29 | WordPress Themify Event Post plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30439 | 2024-03-29 | WordPress Limit Attempts by BestWebSoft plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30438 | 2024-03-29 | WordPress Print Page block plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-30437 | 2024-03-29 | WordPress Webinar and Video Conference with Jitsi Meet plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability |