Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-54675

    Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1.48.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-3624

    Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.... Read more

    Affected Products : ops_center_analyzer
    • Published: May. 16, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2022-41354

    An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.... Read more

    Affected Products : argo-cd
    • Published: Mar. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-8245

    The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : gamipress gamipress_-_reset_user
    • Published: May. 15, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2022-30852

    Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).... Read more

    Affected Products : known
    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-45072

    Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual CMS premium plugin <= 4.5.13 on WordPress.... Read more

    Affected Products : wpml
    • Published: Nov. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-35931

    Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1. ... Read more

    Affected Products : shescape
    • Published: Jun. 23, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13715

    The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers... Read more

    Affected Products : zstore_manager_basic
    • Published: Jan. 30, 2025
    • Modified: Jan. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2020-23588

    A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Change port number" t... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2023-2083

    The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plug... Read more

    Affected Products : essential_blocks
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4376

    The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.... Read more

    Affected Products : woocommerce_multi_currency
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-23622

    Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whethe... Read more

    Affected Products : discourse
    • Published: Mar. 17, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1169

    The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level ... Read more

    Affected Products : ooohboi_steroids_for_elementor
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-23972

    Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA allows Cross Site Request Forgery. This issue affects Contact Form 7 reCAPTCHA: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2022-4103

    The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create... Read more

    Affected Products : royal_elementor_addons
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-4948

    The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions... Read more

    Affected Products : flyingpress
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-24744

    Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3.... Read more

    Affected Products : bridge_core
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-24419

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability t... Read more

    Affected Products : commerce commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-35044

    Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions.... Read more

    Affected Products : securimage-wp-fixed
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13546

    The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access... Read more

    Affected Products : generateblocks
    • Published: Mar. 01, 2025
    • Modified: Mar. 01, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 294718 Results