The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2024-37308 - The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escapin... read CVE-2024-37308
Published: June 13, 2024; 10:15:12 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-31378 - Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1.
Published: April 15, 2024; 7:15:09 AM -0400V3.1: 8.8 HIGH
-
CVE-2024-8787 - The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This mak... read CVE-2024-8787
Published: October 15, 2024; 10:15:06 PM -0400V3.1: 6.1 MEDIUM
-
CVE-2024-7624 - The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access... read CVE-2024-7624
Published: August 14, 2024; 11:15:05 PM -0400 -
CVE-2024-7356 - The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possi... read CVE-2024-7356
Published: August 03, 2024; 6:15:51 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-1860 - The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in ... read CVE-2024-1860
Published: February 28, 2024; 5:15:09 AM -0500V3.1: 5.3 MEDIUM
-
CVE-2018-19873 - An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
Published: December 26, 2018; 4:29:02 PM -0500V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
-
CVE-2024-1516 - The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenti... read CVE-2024-1516
Published: February 28, 2024; 4:15:43 AM -0500 -
CVE-2025-24596 - Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7.
Published: January 24, 2025; 1:15:36 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2025-24644 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoi... read CVE-2025-24644
Published: January 24, 2025; 1:15:38 PM -0500V3.1: 4.8 MEDIUM
-
CVE-2025-0803 - A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/submit_plan_new.php. The manipulation of the argument planid... read CVE-2025-0803
Published: January 28, 2025; 9:15:27 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2025-0806 - A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation of the argument job_type leads to cross site scrip... read CVE-2025-0806
Published: January 28, 2025; 10:15:06 PM -0500V3.1: 6.1 MEDIUM
-
CVE-2024-1368 - The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including, 0.1.1. This makes it possible for unauthentica... read CVE-2024-1368
Published: February 28, 2024; 4:15:42 AM -0500 -
CVE-2022-21882 - Win32k Elevation of Privilege Vulnerability
Published: January 11, 2022; 4:15:11 PM -0500 -
CVE-2025-24598 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.
Published: February 04, 2025; 10:15:23 AM -0500V3.1: 6.1 MEDIUM
-
CVE-2025-24559 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.
Published: February 03, 2025; 10:15:25 AM -0500V3.1: 6.1 MEDIUM
-
CVE-2025-22303 - Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0.
Published: January 07, 2025; 6:15:14 AM -0500V3.1: 7.5 HIGH
-
CVE-2025-21408 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Published: February 06, 2025; 6:15:09 PM -0500V3.1: 8.8 HIGH
-
CVE-2024-49311 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Stored XSS.This issue affects Edwiser Bridge: from n/a through 3.0.7.
Published: October 17, 2024; 3:15:24 PM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-49312 - Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.7.
Published: October 17, 2024; 2:15:14 PM -0400V3.1: 8.6 HIGH