Vulnerabilities (CVE)

Filtered by CWE-352
Total 6073 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-32092 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Michael Bester Kimili Flash Embed. This issue affects Kimili Flash Embed: from n/a through 2.5.3.
CVE-2024-32091 2024-11-21 N/A 6.5 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider. This issue affects Sangar Slider: from n/a through 1.3.2.
CVE-2024-32090 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 4.0.27.
CVE-2024-32089 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic. This issue affects Digital Publications by Supsystic: from n/a through 1.7.7.
CVE-2024-32088 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20.
CVE-2024-32085 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a before 5.20.0.
CVE-2024-32084 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before And After. This issue affects Before And After: from n/a through 3.9.
CVE-2024-32082 2024-11-21 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post With Other Site allows Cross-Site Scripting (XSS). This issue affects Sync Post With Other Site: from n/a through 1.5.1.
CVE-2024-31988 2024-11-21 N/A 9.6 CRITICAL
XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update `RTFrontend.ConvertHTML` manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used.
CVE-2024-31986 2024-11-21 N/A 9.0 CRITICAL
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted document reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.
CVE-2024-31985 2024-11-21 N/A 5.4 MEDIUM
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such a URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page.
CVE-2024-31944 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points. This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4.
CVE-2024-31943 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2.
CVE-2024-31942 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Typps Calendarista Basic Edition. This issue affects Calendarista Basic Edition: from n/a through 3.0.2.
CVE-2024-31941 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media Player. This issue affects CP Media Player: from n/a through 1.1.3.
CVE-2024-31940 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce. This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104.
CVE-2024-31939 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress. This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.
CVE-2024-31938 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpress. This issue affects NewsXpress: from n/a through 1.0.7.
CVE-2024-31936 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a before 1.2.6.
CVE-2024-31935 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes. This issue affects Simple Post Notes: from n/a through 1.7.6.