Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-34389

    Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. ... Read more

    Affected Products : wp_post_author
    • Published: May. 06, 2024
    • Modified: Feb. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-31096

    Cross-Site Request Forgery (CSRF) vulnerability in kopatheme Nictitate.This issue affects Nictitate: from n/a through 1.1.4. ... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32784

    Missing Authorization vulnerability in CookieHub.This issue affects CookieHub: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Jun. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5489

    The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for auth... Read more

    Affected Products : custom_font_uploader
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5449

    The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_op... Read more

    Affected Products : wp_dark_mode
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5453

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to,... Read more

    Affected Products : profilegrid
    • Published: Jun. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-1717

    The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attacker... Read more

    Affected Products :
    • Published: Jun. 04, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-28492

    Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through 1.4.10.... Read more

    Affected Products :
    • Published: Jun. 03, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-31576

    Missing Authorization vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2022-3173

    Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.... Read more

    Affected Products : snipe-it
    • Published: Sep. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4344

    The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec funct... Read more

    Affected Products : shield_security
    • Published: Jun. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4427

    The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with s... Read more

    Affected Products : comparison_slider
    • Published: May. 30, 2024
    • Modified: Feb. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-4139

    Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrit... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-3949

    The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in... Read more

    Affected Products : website_builder_by_seedprod
    • Published: May. 09, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2022-38299

    An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint.... Read more

    Affected Products : appsmith
    • Published: Sep. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0900

    The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_cr... Read more

    Affected Products :
    • Published: Apr. 23, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-3609

    The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. Th... Read more

    Affected Products : reviewx
    • Published: May. 16, 2024
    • Modified: Jun. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-24583

    Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty co... Read more

    Affected Products : libigl
    • Published: May. 28, 2024
    • Modified: Feb. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-31880

    Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl allows Cross Site Request Forgery. This issue affects Pearl: from n/a through 1.3.9.... Read more

    Affected Products : pearl_header_builder
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31845

    Cross-Site Request Forgery (CSRF) vulnerability in Rohit Choudhary Theme Duplicator allows Cross Site Request Forgery. This issue affects Theme Duplicator: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293613 Results