Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-0153

    The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo... Read more

    Affected Products : vimeo_video_autoplay_automute
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0178

    The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : annual_archive
    • Published: Feb. 06, 2023
    • Modified: Mar. 26, 2025

  • 5.4

    MEDIUM
    CVE-2023-0096

    The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-S... Read more

    Affected Products : happyforms
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-41313

    A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP reque... Read more

    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-47418

    LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments.... Read more

    Affected Products : logicaldoc
    • Published: Feb. 07, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0730

    The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthen... Read more

    Affected Products : wicked_folders
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-47414

    If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality.... Read more

    Affected Products : openkm
    • Published: Feb. 07, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-24690

    ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.... Read more

    Affected Products : churchcrm
    • Published: Feb. 09, 2023
    • Modified: Mar. 24, 2025

  • 5.4

    MEDIUM
    CVE-2022-45091

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01. ... Read more

    Affected Products : smartpower_web smartpower
    • Published: Feb. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4448

    The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored ... Read more

    Affected Products : givewp
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-0275

    The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and... Read more

    Affected Products : easy_accept_payments_for_paypal
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-0405

    The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.... Read more

    Affected Products : gpt_ai_power
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2018-17302

    Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.... Read more

    Affected Products : espocrm
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-24769

    Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL para... Read more

    Affected Products : changedetection
    • Published: Feb. 17, 2023
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2022-40348

    Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.... Read more

    Affected Products : intern_record_system
    • Published: Feb. 18, 2023
    • Modified: Mar. 17, 2025

  • 5.4

    MEDIUM
    CVE-2022-4669

    The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo... Read more

    Affected Products : page_builder\
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4777

    The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to p... Read more

    Affected Products : bootstrap_shortcodes
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4791

    The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack... Read more

    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025

  • 5.4

    MEDIUM
    CVE-2023-0366

    The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform... Read more

    Affected Products : loan_comparison loan_comparison
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4785

    The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to pe... Read more

    Affected Products : video_sidebar_widgets
    • Published: Feb. 21, 2023
    • Modified: Mar. 14, 2025
Showing 20 of 294695 Results