Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-4754

    The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and a... Read more

    Affected Products : easy_social_box
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4717

    The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting a... Read more

    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-4782

    The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : clickfunnels
    • Published: Aug. 16, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4757

    The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting ... Read more

    Affected Products : list_pages_shortcode
    • Published: Feb. 27, 2023
    • Modified: Mar. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-4751

    The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : word_balloon
    • Published: Jan. 23, 2023
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2022-4825

    The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks wh... Read more

    Affected Products : download_wp-showhide
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-4668

    The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting at... Read more

    Affected Products : easy_appointments easy_appointments
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-4664

    The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Sto... Read more

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Feb. 06, 2023
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2022-4792

    The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : news_\&_blog_designer_pack
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-4795

    The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above t... Read more

    Affected Products : galleries_by_angie_makes
    • Published: Feb. 27, 2023
    • Modified: Mar. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-4679

    The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform ... Read more

    Affected Products : shortcode
    • Published: Feb. 27, 2023
    • Modified: Mar. 18, 2025

  • 5.4

    MEDIUM
    CVE-2022-4598

    A vulnerability has been found in Shoplazza LifeStyle 1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/api/theme-edit/ of the component Announcement Handler. The manipulation of the argument ... Read more

    Affected Products : lifestyle
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4835

    The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting... Read more

    Affected Products : social_sharing_toolkit
    • Published: Jan. 30, 2023
    • Modified: Mar. 27, 2025

  • 5.4

    MEDIUM
    CVE-2022-4699

    The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting atta... Read more

    Affected Products : mediaelement.js mediaelement.js
    • Published: Jan. 30, 2023
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-4667

    The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting att... Read more

    Affected Products : rss_aggregator_by_feedzy
    • Published: Jan. 30, 2023
    • Modified: Apr. 21, 2025

  • 5.4

    MEDIUM
    CVE-2022-4625

    The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting att... Read more

    Affected Products : login_logout_menu
    • Published: Jan. 23, 2023
    • Modified: Apr. 02, 2025

  • 5.4

    MEDIUM
    CVE-2022-4600

    A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file /admin/api/theme-edit/ of the component Product Carousel Handler. The manipulation of the argument Heading/Description le... Read more

    Affected Products : lifestyle
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4728

    A vulnerability has been found in Graphite Web and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has be... Read more

    Affected Products : graphite
    • Published: Dec. 27, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4602

    A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cro... Read more

    Affected Products : lifestyle
    • Published: Dec. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2022-4542

    The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripti... Read more

    Affected Products : compact_wp_audio_player
    • Published: Jan. 23, 2023
    • Modified: Apr. 03, 2025
Showing 20 of 293624 Results