Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-0367

    The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow us... Read more

    • Published: Apr. 17, 2023
    • Modified: Mar. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-0489

    The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform St... Read more

    Affected Products : sideonline
    • Published: Jun. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0362

    Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perf... Read more

    Affected Products : portfolio_post
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-0267

    The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributo... Read more

    • Published: May. 08, 2023
    • Modified: Jan. 29, 2025

  • 5.4

    MEDIUM
    CVE-2023-0270

    The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo... Read more

    Affected Products : yamaps
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-0365

    The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform S... Read more

    Affected Products : react_webcam
    • Published: Mar. 20, 2023
    • Modified: Feb. 26, 2025

  • 5.4

    MEDIUM
    CVE-2023-0320

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.This issue affects UBYS: before 23.03.16. ... Read more

    • Published: Mar. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0402

    The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level perm... Read more

    Affected Products : social_warfare
    • Published: Jan. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0165

    The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : cost_calculator
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 5.4

    MEDIUM
    CVE-2023-0166

    The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contr... Read more

    Affected Products : product_slider_for_woocommerce
    • Published: Feb. 13, 2023
    • Modified: Mar. 21, 2025

  • 5.4

    MEDIUM
    CVE-2023-0146

    The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stor... Read more

    Affected Products : naver_map
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2017-1000023

    LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document.... Read more

    Affected Products : logicaldoc
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-0173

    The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role... Read more

    Affected Products : drag_\&_drop_sales_funnel_builder
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0154

    The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store... Read more

    Affected Products : gamipress gamipress_-_reset_user
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0143

    The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site S... Read more

    Affected Products : send_pdf_for_contact_form_7
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0404

    The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, wi... Read more

    Affected Products : events_made_easy
    • Published: Jan. 19, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-0177

    The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor rol... Read more

    Affected Products : social_like_box_and_page
    • Published: Feb. 13, 2023
    • Modified: Mar. 20, 2025

  • 5.4

    MEDIUM
    CVE-2023-0066

    The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a... Read more

    Affected Products : companion_sitemap_generator
    • Published: Mar. 13, 2023
    • Modified: Feb. 27, 2025

  • 5.4

    MEDIUM
    CVE-2023-0072

    The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to ... Read more

    Affected Products : wc_vendors_marketplace
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2023-0082

    The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross... Read more

    Affected Products : exactmetrics
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025
Showing 20 of 293622 Results