Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-37243

    MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.... Read more

    • EPSS Score: %0.60
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-6030

    The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src/Hooks/Users.php) in order to log failed login attempts to the database but it doesn't escape the username when it perform some SQL request leading to a SQL... Read more

    Affected Products : logdash_activity_log
    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-7086

    The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.... Read more

    Affected Products : svg_uploads_support
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-10504

    The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more

    Affected Products : arforms
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-10818

    The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : jsfiddle_shortcode
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-11502

    The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a... Read more

    Affected Products : planning_center_online_giving
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025

  • 5.4

    MEDIUM
    CVE-2024-11718

    The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : tarteaucitron-wp
    • Published: May. 15, 2025
    • Modified: Jun. 09, 2025

  • 5.4

    MEDIUM
    CVE-2024-5440

    The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor r... Read more

    • Published: May. 15, 2025
    • Modified: Jun. 11, 2025

  • 5.4

    MEDIUM
    CVE-2025-48027

    The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver.... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025

  • 5.4

    MEDIUM
    CVE-2024-6668

    The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks... Read more

    Affected Products : profilepro
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2022-36358

    Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings.... Read more

    Affected Products : seo_scout
    • EPSS Score: %0.08
    • Published: Aug. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-8851

    The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ... Read more

    Affected Products : polls_cp
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-8854

    The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ... Read more

    Affected Products : polls_cp
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-9238

    The AVIF Uploader WordPress plugin before 1.1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.... Read more

    Affected Products : avif_uploader
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-9599

    The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for... Read more

    Affected Products : popup_box popup_box
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-9645

    The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with ... Read more

    Affected Products : post_grid
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025

  • 5.4

    MEDIUM
    CVE-2024-9662

    The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (fo... Read more

    Affected Products : cyan_backup
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-9709

    The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : ekc_tournament_manager
    • Published: May. 15, 2025
    • Modified: May. 28, 2025

  • 5.4

    MEDIUM
    CVE-2024-9838

    The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : auto_affiliate_links
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025

  • 5.4

    MEDIUM
    CVE-2025-2248

    The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more

    Affected Products : wp-pmanager
    • Published: May. 15, 2025
    • Modified: Jun. 04, 2025
Showing 20 of 290954 Results