| CVE-2024-54434 | Cross-Site Request Forgery (CSRF) vulnerability in BenJemin phZoom phzoom allows Stored XSS.This issue affects phZoom: from n/a through <= 1.2.92. | high | 2026-04-23 |
| CVE-2024-54433 | Cross-Site Request Forgery (CSRF) vulnerability in Marcel CL Simple Booking Widget simple-booking-widget allows Stored XSS.This issue affects Simple Booking Widget: from n/a through <= 1.1. | high | 2026-04-23 |
| CVE-2024-54432 | Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Patnaik WP Flipkart Importer wp-flipkart-importer allows Stored XSS.This issue affects WP Flipkart Importer: from n/a through <= 1.4. | high | 2026-04-23 |
| CVE-2024-54431 | Cross-Site Request Forgery (CSRF) vulnerability in phpdevp Admin Customization wpp-customization allows Stored XSS.This issue affects Admin Customization: from n/a through <= 2.2. | high | 2026-04-23 |
| CVE-2024-54430 | Cross-Site Request Forgery (CSRF) vulnerability in Europe Ecologie Les Verts EELV Newsletter eelv-newsletter allows Cross Site Request Forgery.This issue affects EELV Newsletter: from n/a through <= 4.8.2. | medium | 2026-04-23 |
| CVE-2024-54429 | Cross-Site Request Forgery (CSRF) vulnerability in ivan-ovsyannikov Aphorismus aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through <= 1.2.0. | high | 2026-04-23 |
| CVE-2024-54428 | Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post add-image-to-post allows Stored XSS.This issue affects Add image to Post: from n/a through <= 0.6. | high | 2026-04-23 |
| CVE-2024-54427 | Cross-Site Request Forgery (CSRF) vulnerability in ljmacphee Category of Posts list-one-category-of-posts allows Stored XSS.This issue affects Category of Posts: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2024-54426 | Cross-Site Request Forgery (CSRF) vulnerability in crossfitatgg LeaderBoard Plugin leaderboard-lite allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through <= 1.2.4. | high | 2026-04-23 |
| CVE-2024-54425 | Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin maintenance-and-noindex-nofollow allows Stored XSS.This issue affects LionScripts: Site Maintenance & Noindex Nofollow Plugin: from n/a through <= 2.1. | high | 2026-04-23 |
| CVE-2024-54424 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilya_compman Like in Vk.com like-on-vkontakte allows Stored XSS.This issue affects Like in Vk.com: from n/a through <= 0.5.2. | high | 2026-04-23 |
| CVE-2024-54423 | Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through <= 1.1. | high | 2026-04-23 |
| CVE-2024-54422 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tgw365 Evernote Sync evernote-sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through <= 3.0.0. | high | 2026-04-23 |
| CVE-2024-54421 | Cross-Site Request Forgery (CSRF) vulnerability in Sanjay_Negi Floating Video Player floating-player allows Stored XSS.This issue affects Floating Video Player: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2024-54420 | Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Novikov Metrika metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through <= 1.2. | high | 2026-04-23 |
| CVE-2024-54419 | Cross-Site Request Forgery (CSRF) vulnerability in chenyenming Ui Slider Filter By Price ui-slider-filter-by-price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through <= 1.1. | medium | 2026-04-23 |
| CVE-2024-54418 | Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp. DTC Documents dtc-documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through <= 1.1.05. | medium | 2026-04-23 |
| CVE-2024-54417 | Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through <= 2.0.1. | medium | 2026-04-23 |
| CVE-2024-54416 | Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Wp Login with Ajax wp-login-with-ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through <= 0.6. | high | 2026-04-23 |
| CVE-2024-54415 | Cross-Site Request Forgery (CSRF) vulnerability in cconoly WP-HideThat wp-hide-that allows Stored XSS.This issue affects WP-HideThat: from n/a through <= 1.2. | high | 2026-04-23 |
| CVE-2024-54414 | Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode geoportail-shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through <= 2.4.4. | high | 2026-04-23 |
| CVE-2024-54413 | Cross-Site Request Forgery (CSRF) vulnerability in brandt-net Display Future Posts display-future-posts allows Stored XSS.This issue affects Display Future Posts: from n/a through <= 0.2.3. | high | 2026-04-23 |
| CVE-2024-54412 | Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Product Carousel ect-product-carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through <= 1.9. | high | 2026-04-23 |
| CVE-2024-54411 | Cross-Site Request Forgery (CSRF) vulnerability in hosting.io WP Controller wp-management-controller allows Stored XSS.This issue affects WP Controller: from n/a through <= 3.2.0. | high | 2026-04-23 |
| CVE-2024-54410 | Cross-Site Request Forgery (CSRF) vulnerability in eagerterrier SOPA Blackout sopa-blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through <= 1.4. | high | 2026-04-23 |
| CVE-2024-54409 | Cross-Site Request Forgery (CSRF) vulnerability in fzmaster XPD Reduce Image Filesize xpd-reduce-image-filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2024-54408 | Cross-Site Request Forgery (CSRF) vulnerability in codehandling Youtube Video Grid youmax-channel-embeds-for-youtube-businesses allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through <= 1.9. | medium | 2026-04-23 |
| CVE-2024-54407 | Cross-Site Request Forgery (CSRF) vulnerability in a328496647 CK and SyntaxHighlighter ck-and-syntaxhighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through <= 3.4.2. | high | 2026-04-23 |
| CVE-2024-54406 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moallemi Comments On Feed comments-on-feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through <= 1.2.1. | high | 2026-04-23 |
| CVE-2024-54405 | Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Social Share ect-social-share allows Stored XSS.This issue affects ECT Social Share: from n/a through <= 1.3. | high | 2026-04-23 |
| CVE-2024-54404 | Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar mdc-comment-toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through <= 1.1. | high | 2026-04-23 |
| CVE-2024-54403 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in oktoberfive Visual Recent Posts visual-recent-posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through <= 1.2.3. | high | 2026-04-23 |
| CVE-2024-54402 | Missing Authorization vulnerability in Mohamed Abd Elhalim Arabic Webfonts arabic-webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through <= 1.4.6. | medium | 2026-04-23 |
| CVE-2024-54401 | Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Advanced Fancybox advanced-fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through <= 1.1.1. | high | 2026-04-23 |
| CVE-2024-54400 | Cross-Site Request Forgery (CSRF) vulnerability in meloniq AppMaps appmaps allows Stored XSS.This issue affects AppMaps: from n/a through <= 1.1. | high | 2026-04-23 |
| CVE-2024-54399 | Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through <= 1.0.2. | high | 2026-04-23 |
| CVE-2024-54398 | Cross-Site Request Forgery (CSRF) vulnerability in jcaruso001 Flaming Forms flaming-forms allows Stored XSS.This issue affects Flaming Forms: from n/a through <= 1.0.1. | high | 2026-04-23 |
| CVE-2024-54397 | Cross-Site Request Forgery (CSRF) vulnerability in antonio.gocaj Go Animate goanimate allows Stored XSS.This issue affects Go Animate: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2024-54396 | Cross-Site Request Forgery (CSRF) vulnerability in elmervillanueva Bet sport Free bet-sport-free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through <= 1.0.0. | medium | 2026-04-23 |
| CVE-2024-54395 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in preblogging Increase Sociability increase-sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through <= 1.3.0. | high | 2026-04-23 |
| CVE-2024-54394 | Cross-Site Request Forgery (CSRF) vulnerability in khubbaib Mandrill WP email-form-under-post allows Stored XSS.This issue affects Mandrill WP: from n/a through <= 1.0.5. | high | 2026-04-23 |
| CVE-2024-54393 | Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle wp-fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2024-54392 | Cross-Site Request Forgery (CSRF) vulnerability in midoks WP微信机器人 wp-weixin-robot allows Stored XSS.This issue affects WP微信机器人: from n/a through <= 5.3.5. | high | 2026-04-23 |
| CVE-2024-54391 | Cross-Site Request Forgery (CSRF) vulnerability in mattwalters WordPress Filter wordpress-filter allows Stored XSS.This issue affects WordPress Filter: from n/a through <= 1.4.1. | high | 2026-04-23 |
| CVE-2024-54390 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bouzid Nazim Zitouni TagGator taggator allows Reflected XSS.This issue affects TagGator: from n/a through <= 1.54. | high | 2026-04-23 |
| CVE-2024-54389 | Cross-Site Request Forgery (CSRF) vulnerability in Eduardo addWeather myweather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through <= 2.5.1. | high | 2026-04-23 |
| CVE-2024-54388 | Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails multiple-admin-emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through <= 1.0. | high | 2026-04-23 |
| CVE-2024-54386 | Cross-Site Request Forgery (CSRF) vulnerability in pushmonkey Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart push-monkey-desktop-push-notifications allows Cross Site Request Forgery.This issue affects Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart: from n/a through <= 3.9. | high | 2026-04-23 |
| CVE-2024-54385 | Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.83. | high | 2026-04-23 |
| CVE-2024-54384 | Missing Authorization vulnerability in Anh Tran Falcon – WordPress Optimizations & Tweaks falcon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon – WordPress Optimizations & Tweaks: from n/a through <= 2.8.3. | medium | 2026-04-23 |
