Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-13687

    The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3. This makes it possible for au... Read more

    Affected Products : team_builder
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-0827

    The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions... Read more

    Affected Products : play.ht
    • Published: Mar. 13, 2024
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-0830

    The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possib... Read more

    • Published: Mar. 13, 2024
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-43397

    Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessar... Read more

    Affected Products : apollo
    • Published: Aug. 20, 2024
    • Modified: Aug. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-13306

    The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_... Read more

    Affected Products : wp_google_map
    • Published: Feb. 15, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-5880

    The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauth... Read more

    Affected Products :
    • Published: Aug. 21, 2024
    • Modified: Aug. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32939

    Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visi... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 22, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2023-4731

    The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modif... Read more

    Affected Products : ladipage
    • Published: Mar. 12, 2024
    • Modified: Jan. 15, 2025

  • 4.3

    MEDIUM
    CVE-2024-45193

    An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects produc... Read more

    Affected Products : olm
    • Published: Aug. 22, 2024
    • Modified: Jun. 17, 2025

  • 4.3

    MEDIUM
    CVE-2023-4628

    The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladif... Read more

    Affected Products : ladipage
    • Published: Mar. 12, 2024
    • Modified: Jan. 15, 2025

  • 4.3

    MEDIUM
    CVE-2025-25195

    Zulip is an open source team chat application. A weekly cron job (added in 50256f48314250978f521ef439cafa704e056539) demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all ... Read more

    Affected Products : zulip zulip_server
    • Published: Feb. 13, 2025
    • Modified: Feb. 13, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-1870

    The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authen... Read more

    Affected Products : colibri_page_builder
    • Published: Mar. 09, 2024
    • Modified: Jan. 28, 2025

  • 4.3

    MEDIUM
    CVE-2023-50346

    HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. ... Read more

    Affected Products : dryice_myxalytics
    • Published: Jan. 03, 2024
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2024-1906

    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unaut... Read more

    Affected Products : categorify
    • Published: Feb. 27, 2024
    • Modified: Jan. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-0766

    The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This mak... Read more

    • Published: Feb. 28, 2024
    • Modified: Jan. 08, 2025

  • 4.3

    MEDIUM
    CVE-2024-13229

    The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it poss... Read more

    Affected Products : seo
    • Published: Feb. 13, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-28173

    In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed... Read more

    Affected Products : teamcity
    • Published: Mar. 06, 2024
    • Modified: Dec. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-43336

    Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10.... Read more

    Affected Products : wp_user_manager
    • Published: Aug. 26, 2024
    • Modified: Aug. 27, 2024

  • 4.3

    MEDIUM
    CVE-2022-34013

    OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.... Read more

    Affected Products : oneblog
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-43295

    Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access.This issue affects WP Data Access: from n/a through 5.5.7.... Read more

    Affected Products : wp_data_access
    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024
Showing 20 of 293609 Results