Latest CVE Feed
-
4.3 MEDIUM
CVE-2023-4731
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modif...
Affected Products : ladipage
- Published: Mar. 12, 2024
- Modified: Jan. 15, 2025
-
4.3 MEDIUM
CVE-2024-31219
Discourse-reactions is a plugin that allows users to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data a...
Affected Products : discourse_reactions
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2024-13494
The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for un...
Affected Products : wordpress_file_upload
- Published: Feb. 25, 2025
- Modified: Feb. 25, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3 MEDIUM
CVE-2024-31383
Cross-Site Request Forgery (CSRF) vulnerability in Pagelayer PopularFX. This issue affects PopularFX: from n/a through 1.2.4. ...
Affected Products :
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2024-31940
Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce. This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104. ...
Affected Products :
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2024-31427
Cross-Site Request Forgery (CSRF) vulnerability in Marker.Io Marker.Io. This issue affects Marker.Io: from n/a through 1.1.8. ...
Affected Products :
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2024-32435
Cross-Site Request Forgery (CSRF) vulnerability in Affieasy Team AffiEasy. This issue affects AffiEasy: from n/a through 1.1.4. ...
Affected Products :
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2024-32088
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20. ...
Affected Products :
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2025-3949
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in...
Affected Products : website_builder_by_seedprod
- Published: May. 09, 2025
- Modified: May. 12, 2025
- Vuln Type: Authorization
-
4.3 MEDIUM
CVE-2024-1898
Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator. ...
Affected Products : devolutions_server
- Published: Mar. 05, 2024
- Modified: Mar. 14, 2025
-
4.3 MEDIUM
CVE-2024-1901
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable. ...
Affected Products : devolutions_server
- Published: Mar. 05, 2024
- Modified: Mar. 28, 2025
-
4.3 MEDIUM
CVE-2024-37898
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having del...
Affected Products : xwiki
- Published: Jul. 31, 2024
- Modified: Sep. 06, 2024
-
4.3 MEDIUM
CVE-2023-49783
Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a `ModelAd...
Affected Products : admin
- Published: Jan. 23, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2024-32099
Cross-Site Request Forgery (CSRF) vulnerability in James Ward WP Mail Catcher. This issue affects WP Mail Catcher: from n/a through 2.1.6. ...
Affected Products :
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2023-4628
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladif...
Affected Products : ladipage
- Published: Mar. 12, 2024
- Modified: Jan. 15, 2025
-
4.3 MEDIUM
CVE-2024-32104
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.18.1. ...
Affected Products : nextmove
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2024-32448
Cross-Site Request Forgery (CSRF) vulnerability in VideoYield.Com Ads.Txt Admin. This issue affects Ads.Txt Admin: from n/a through 1.3. ...
Affected Products :
- Published: Apr. 15, 2024
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2024-28173
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed...
Affected Products : teamcity
- Published: Mar. 06, 2024
- Modified: Dec. 16, 2024
-
4.3 MEDIUM
CVE-2024-40722
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer ov...
Affected Products : tcb_servisign
- Published: Aug. 02, 2024
- Modified: Aug. 09, 2024
-
4.3 MEDIUM
CVE-2024-31364
Cross-Site Request Forgery (CSRF) vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts. This issue affects ELEX WooCommerce Dynamic Pricing and Discounts: from n/a through 2.1.2. ...
Affected Products :
- Published: Apr. 12, 2024
- Modified: Nov. 21, 2024