| CVE-2024-54383 | Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9. | critical | 2026-04-23 |
| CVE-2024-54382 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through <= 5.1.5. | medium | 2026-04-23 |
| CVE-2024-54381 | Missing Authorization vulnerability in Dotstore Advance Menu Manager advance-menu-manager.This issue affects Advance Menu Manager: from n/a through <= 3.1.1. | high | 2026-04-23 |
| CVE-2024-54380 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler wp-cookies-enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through <= 1.0.1. | high | 2026-04-23 |
| CVE-2024-54379 | Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5. | high | 2026-04-23 |
| CVE-2024-54378 | Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through <= 1.2.2. | high | 2026-04-23 |
| CVE-2024-54376 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider Themes EazyDocs eazydocs allows PHP Local File Inclusion.This issue affects EazyDocs: from n/a through <= 2.8.0. | high | 2026-04-23 |
| CVE-2024-54375 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Woolook woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through <= 1.7.0. | high | 2026-04-23 |
| CVE-2024-54374 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Sogrid sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through <= 1.5.6. | high | 2026-04-23 |
| CVE-2024-54373 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris Gardenberg EduAdmin Booking eduadmin-booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through <= 5.2.0. | high | 2026-04-23 |
| CVE-2024-54372 | Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection.This issue affects Insertify: from n/a through <= 1.1.4. | critical | 2026-04-23 |
| CVE-2024-54370 | Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.0. | critical | 2026-04-23 |
| CVE-2024-54369 | Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through <= 1.0.2. | critical | 2026-04-23 |
| CVE-2024-54368 | Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection.This issue affects GitSync: from n/a through <= 1.1.0. | critical | 2026-04-23 |
| CVE-2024-54367 | Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects ForumWP: from n/a through <= 2.1.0. | critical | 2026-04-23 |
| CVE-2024-54366 | Generation of Error Message Containing Sensitive Information vulnerability in videogallery Vimeography vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through <= 2.4.4. | medium | 2026-04-23 |
| CVE-2024-54365 | Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through <= 1.0.0. | high | 2026-04-23 |
| CVE-2024-54364 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spartac Feedpress Generator feedpress-generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through <= 1.2.1. | high | 2026-04-23 |
| CVE-2024-54363 | Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0. | critical | 2026-04-23 |
| CVE-2024-54362 | Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3. | high | 2026-04-23 |
| CVE-2024-54361 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2. | critical | 2026-04-23 |
| CVE-2024-54360 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through <= 1.0.6. | medium | 2026-04-23 |
| CVE-2024-54358 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enrico Cantori 3D Avatar User Profile 3d-avatar-user-profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through <= 1.0.0. | high | 2026-04-23 |
| CVE-2024-54357 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada avada.This issue affects Avada: from n/a through <= 7.11.10. | medium | 2026-04-23 |
| CVE-2024-54356 | Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5. | medium | 2026-04-23 |
| CVE-2024-54355 | Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through <= 1.8.17.0. | high | 2026-04-23 |
| CVE-2024-54354 | Missing Authorization vulnerability in beat.k Termin-Kalender termin-kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through <= 0.99.47. | medium | 2026-04-23 |
| CVE-2024-54353 | Cross-Site Request Forgery (CSRF) vulnerability in wpgear Hack-Info hack-info allows Stored XSS.This issue affects Hack-Info: from n/a through <= 3.17. | high | 2026-04-23 |
| CVE-2024-54352 | Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through <= 1.5.2. | high | 2026-04-23 |
| CVE-2024-54351 | Cross-Site Request Forgery (CSRF) vulnerability in Thomas K Landis Fancy Roller Scroller fancy-roller-scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through <= 1.4.0. | high | 2026-04-23 |
| CVE-2024-54350 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hjyl hmd hmd allows Stored XSS.This issue affects hmd: from n/a through <= 2.0. | high | 2026-04-23 |
| CVE-2024-54349 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz Plain Post plain-post allows Stored XSS.This issue affects Plain Post: from n/a through <= 1.0.3. | medium | 2026-04-23 |
| CVE-2024-54348 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yaycommerce Brand brand allows Stored XSS.This issue affects Brand: from n/a through <= 1.1.6. | medium | 2026-04-23 |
| CVE-2024-54347 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress bakkbone-florist-companion allows Reflected XSS.This issue affects FloristPress: from n/a through <= 7.2.0. | high | 2026-04-23 |
| CVE-2024-54346 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Barter barter allows DOM-Based XSS.This issue affects Barter: from n/a through <= 1.6. | medium | 2026-04-23 |
| CVE-2024-54345 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 Bicycleshop bicycleshop allows DOM-Based XSS.This issue affects Bicycleshop: from n/a through <= 1.5. | medium | 2026-04-23 |
| CVE-2024-54344 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop wp-quick-shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through <= 1.3.1. | high | 2026-04-23 |
| CVE-2024-54343 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thehowarde Connect Contact Form 7 to Constant Contact connect-contact-form-7-to-constant-contact-v3 allows Reflected XSS.This issue affects Connect Contact Form 7 to Constant Contact: from n/a through <= 1.4. | high | 2026-04-23 |
| CVE-2024-54342 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through <= 2.0.0. | high | 2026-04-23 |
| CVE-2024-54341 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools label-grid-tools allows Reflected XSS.This issue affects LabelGrid Tools: from n/a through <= 1.3.58. | high | 2026-04-23 |
| CVE-2024-54340 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sylviavanos Simple Presenter simple-presenter allows Reflected XSS.This issue affects Simple Presenter: from n/a through <= 1.5.1. | high | 2026-04-23 |
| CVE-2024-54339 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr geoflickr allows Reflected XSS.This issue affects geoFlickr: from n/a through <= 1.3. | high | 2026-04-23 |
| CVE-2024-54338 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christer_f Hello Event Widgets For Elementor hello-event-widgets-for-elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through <= 1.0.2. | medium | 2026-04-23 |
| CVE-2024-54337 | Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site devrix-dark-site allows Stored XSS.This issue affects DX Dark Site: from n/a through <= 1.0.1. | high | 2026-04-23 |
| CVE-2024-54336 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows Authentication Bypass.This issue affects Projectopia: from n/a through <= 5.1.7. | high | 2026-04-23 |
| CVE-2024-54335 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImmoSoft ImmoToolBox Connect immotoolbox-connect allows Reflected XSS.This issue affects ImmoToolBox Connect: from n/a through <= 1.3.3. | high | 2026-04-23 |
| CVE-2024-54334 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zeshanb Quran Phrases About Most People Shortcodes quran-phrases-about-most-people-shortcodes allows DOM-Based XSS.This issue affects Quran Phrases About Most People Shortcodes: from n/a through <= 1.4. | medium | 2026-04-23 |
| CVE-2024-54333 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce check-pincode-for-woocommerce allows Reflected XSS.This issue affects Check Pincode For Woocommerce: from n/a through <= 1.1. | high | 2026-04-23 |
| CVE-2024-54332 | Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates wp-currency-exchange-rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through <= 1.2.0. | high | 2026-04-23 |
| CVE-2024-54331 | Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree i-plant-a-tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through <= 1.7.3. | high | 2026-04-23 |
