Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2020-36735

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation...

    Affected Products : wp_erp
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-36737

    The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it poss...

    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-36738

    The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it pos...

    Affected Products : cool_timeline
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-4384

    The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() fu...

    Affected Products : photo-contest
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-36739

    The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() funct...

    Affected Products : feed_them_social
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-36744

    The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthentic...

    Affected Products : notificationx
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-13060

    A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1....

    Affected Products : anythingllm anythingllm_docker
    • Published: Mar. 20, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2020-36742

    The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthen...

    Affected Products : custom_field_template
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-4389

    The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attac...

    Affected Products : wp_travel
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-29195

    Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point o...

    Affected Products : vitess
    • Published: May. 11, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-26839

    A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site....

    Affected Products : churchcrm
    • Published: Apr. 25, 2023
    • Modified: Feb. 04, 2025
  • 4.3

    MEDIUM
    CVE-2014-125054

    A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identi...

    Affected Products : reddit-on-rails
    • Published: Jan. 07, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-13832

    The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it poss...

    Affected Products : ultra_addons_lite_for_elementor
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure
  • 4.3

    MEDIUM
    CVE-2025-0801

    The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenti...

    Affected Products : ratemyagent
    • Published: Feb. 28, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 4.3

    MEDIUM
    CVE-2021-4392

    The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() functi...

    Affected Products : ecommerce_product_catalog
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-30544

    Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account w...

    Affected Products : kiwi_tcms
    • Published: Apr. 24, 2023
    • Modified: Feb. 04, 2025
  • 4.3

    MEDIUM
    CVE-2023-5531

    The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthe...

    Affected Products : thumbnail_slider_with_lightbox
    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2024-7045

    In version v0.3.8 of open-webui/open-webui, improper access control vulnerabilities allow an attacker to view any prompts. The application does not verify whether the attacker is an administrator, allowing the attacker to directly call the /api/v1/prompts...

    Affected Products : open_webui
    • Published: Mar. 20, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2024-7476

    A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2. The vulnerability allows an authenticated attacker to modify any user's templates by sending a crafted HTTP POST request to the /v1/templates/{id}/versions endp...

    Affected Products : lunary
    • Published: Mar. 20, 2025
    • Modified: Jul. 02, 2025
    • Vuln Type: Authorization
  • 4.3

    MEDIUM
    CVE-2021-4391

    The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possi...

    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024