NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:Jan. 10, 2025, 4:11 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
651 7.5 HIGH
Network
- - The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all version… New CWE-89
SQL Injection
CVE-2024-12157 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
652 6.1 MEDIUM
Network
- - The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi… New CWE-79
Cross-site Scripting
CVE-2024-12153 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
653 4.3 MEDIUM
Network
- - The Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render… New CWE-200
Information Exposure
CVE-2024-12140 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
654 6.1 MEDIUM
Network
- - The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘google_error’ parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitizati… New CWE-79
Cross-site Scripting
CVE-2024-12126 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
655 6.1 MEDIUM
Network
- - The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_id’ parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and… New CWE-79
Cross-site Scripting
CVE-2024-12124 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
656 6.1 MEDIUM
Network
- - The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient … New CWE-79
Cross-site Scripting
CVE-2024-12049 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
657 6.1 MEDIUM
Network
- - The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input… New CWE-79
Cross-site Scripting
CVE-2024-11810 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
658 6.1 MEDIUM
Network
- - The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insuffi… New CWE-79
Cross-site Scripting
CVE-2024-11690 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
659 6.5 MEDIUM
Network
- - The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including… New CWE-862
 Missing Authorization
CVE-2024-11496 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
660 7.2 HIGH
Network
- - The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo… New CWE-502
 Deserialization of Untrusted Data
CVE-2024-11465 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
661 6.4 MEDIUM
Network
- - The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_magnify' shortcode in all versions up to, and including, 1.1 due to insufficient input sani… New CWE-79
Cross-site Scripting
CVE-2024-11445 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
662 6.1 MEDIUM
Network
- - The WP – Bulk SMS – by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.12 due to insufficient input sani… New CWE-79
Cross-site Scripting
CVE-2024-11434 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
663 6.4 MEDIUM
Network
- - The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cc-mortgage-canada' shortcode in all versions up to, and including, 2.1.0 due t… New CWE-79
Cross-site Scripting
CVE-2024-11383 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
664 6.4 MEDIUM
Network
- - The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'commonninja' shortc… New CWE-79
Cross-site Scripting
CVE-2024-11382 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
665 6.1 MEDIUM
Network
- - The Bizapp for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'error' parameter in all versions up to, and including, 2.0.8 due to insufficient input sanitiz… New CWE-79
Cross-site Scripting
CVE-2024-11378 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
666 6.1 MEDIUM
Network
- - The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sa… New CWE-79
Cross-site Scripting
CVE-2024-11377 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
667 6.1 MEDIUM
Network
- - The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.23.0. Thi… New CWE-79
Cross-site Scripting
CVE-2024-11375 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
668 6.1 MEDIUM
Network
- - The Same but Different – Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping… New CWE-79
Cross-site Scripting
CVE-2024-11363 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
669 6.4 MEDIUM
Network
- - The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitiz… New CWE-79
Cross-site Scripting
CVE-2024-11338 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
670 6.4 MEDIUM
Network
- - The Horoscope And Tarot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'divine_horoscope' shortcode in all versions up to, and including, 1.3.0 due to insufficient… New CWE-79
Cross-site Scripting
CVE-2024-11337 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
671 5.3 MEDIUM
Network
- - The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for un… New CWE-200
Information Exposure
CVE-2024-11290 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
672 3.1 LOW
Network
- - The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. Th… New CWE-862
 Missing Authorization
CVE-2024-10527 2025-01-7 14:15 2025-01-7 Show GitHub Exploit DB Packet Storm
673 6.4 MEDIUM
Network
- - The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization… New CWE-79
Cross-site Scripting
CVE-2024-12592 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
674 6.4 MEDIUM
Network
- - The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and ou… New CWE-79
Cross-site Scripting
CVE-2024-12590 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
675 5.3 MEDIUM
Network
- - The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in… New CWE-862
 Missing Authorization
CVE-2024-12559 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
676 6.1 MEDIUM
Network
- - The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it… New CWE-352
 Origin Validation Error
CVE-2024-12557 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
677 5.4 MEDIUM
Network
- - The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on t… New CWE-352
 Origin Validation Error
CVE-2024-12541 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
678 6.1 MEDIUM
Network
- - The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and inclu… New CWE-79
Cross-site Scripting
CVE-2024-12540 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
679 4.3 MEDIUM
Network
- - The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function… New CWE-200
Information Exposure
CVE-2024-12538 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
680 6.4 MEDIUM
Network
- - The WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all ver… New CWE-79
Cross-site Scripting
CVE-2024-12528 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
681 6.5 MEDIUM
Network
- - The The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due … New CWE-94
Code Injection
CVE-2024-12419 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
682 7.5 HIGH
Network
- - The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due t… New CWE-89
SQL Injection
CVE-2024-12416 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
683 9.8 CRITICAL
Network
- - The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. Thi… New CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-12402 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
684 6.1 MEDIUM
Network
- - The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient inpu… New CWE-79
Cross-site Scripting
CVE-2024-12098 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
685 5.3 MEDIUM
Network
- - The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including,… New CWE-862
 Missing Authorization
CVE-2024-12022 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
686 6.4 MEDIUM
Network
- - The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and inclu… New CWE-79
Cross-site Scripting
CVE-2024-11934 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
687 6.4 MEDIUM
Network
- - The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sani… New CWE-79
Cross-site Scripting
CVE-2024-11899 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
688 6.4 MEDIUM
Network
- - The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to ins… New CWE-79
Cross-site Scripting
CVE-2024-11777 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
689 4.9 MEDIUM
Network
- - The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter a… New CWE-89
SQL Injection
CVE-2024-11437 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
690 - -
- - Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading… New CWE-280
Improper Handling of Insufficient Permissions or Privileges 
CVE-2025-22395 2025-01-7 12:15 2025-01-7 Show GitHub Exploit DB Packet Storm
691 - -
- - Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different d… New CWE-200
Information Exposure
CVE-2025-21620 2025-01-7 08:15 2025-01-7 Show GitHub Exploit DB Packet Storm
692 - -
- - The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone call… New - CVE-2024-53932 2025-01-7 07:15 2025-01-7 Show GitHub Exploit DB Packet Storm
693 - -
- - The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by s… New - CVE-2024-53931 2025-01-7 07:15 2025-01-7 Show GitHub Exploit DB Packet Storm
694 - -
- - Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and su… New CWE-20
 Improper Input Validation 
CVE-2024-51741 2025-01-7 07:15 2025-01-7 Show GitHub Exploit DB Packet Storm
695 - -
- - Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code… New CWE-416
 Use After Free
CVE-2024-46981 2025-01-7 07:15 2025-01-7 Show GitHub Exploit DB Packet Storm
696 - -
- - Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. New - CVE-2024-55076 2025-01-7 06:15 2025-01-7 Show GitHub Exploit DB Packet Storm
697 - -
- - Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes. New - CVE-2024-55075 2025-01-7 06:15 2025-01-7 Show GitHub Exploit DB Packet Storm
698 - -
- - The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. New - CVE-2024-55074 2025-01-7 06:15 2025-01-7 Show GitHub Exploit DB Packet Storm
699 - -
- - A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /_parse/_call_main_search_ajax.php of th… Update - CVE-2024-13093 2025-01-7 06:15 2025-01-2 Show GitHub Exploit DB Packet Storm
700 - -
- - A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /_parse/_call_job/search_ajax.php of the component Job Post … Update - CVE-2024-13092 2025-01-7 06:15 2025-01-2 Show GitHub Exploit DB Packet Storm