Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-48047

    Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5.... Read more

    Affected Products :
    • Published: Oct. 17, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2025-6062

    The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible fo... Read more

    Affected Products :
    • Published: Jun. 14, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-10521

    The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it po... Read more

    • Published: Nov. 27, 2024
    • Modified: Mar. 19, 2025

  • 4.3

    MEDIUM
    CVE-2022-29903

    The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains.... Read more

    Affected Products : mediawiki
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-30852

    Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).... Read more

    Affected Products : known
    • Published: Jul. 08, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13420

    Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various ver... Read more

    Affected Products : april auteur benaa beyot
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-47836

    Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.... Read more

    Affected Products : admidio
    • Published: Oct. 16, 2024
    • Modified: Oct. 18, 2024

  • 4.3

    MEDIUM
    CVE-2022-0377

    Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to th... Read more

    Affected Products : learnpress
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-49238

    Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3.... Read more

    Affected Products : everest_backup
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30629

    Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener allows Cross Site Request Forgery. This issue affects Bitly URL Shortener: from n/a through 1.3.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2023-22348

    Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.... Read more

    Affected Products : checkmk checkmk
    • Published: May. 17, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-8899

    The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated at... Read more

    Affected Products : jeg_elementor_kit
    • Published: Nov. 26, 2024
    • Modified: Jan. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-6243

    The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. ... Read more

    Affected Products : eventon-lite
    • Published: Oct. 19, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2021-39016

    IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed ... Read more

    • Published: Jul. 14, 2022
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2023-31708

    A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.... Read more

    Affected Products : eyoucms
    • Published: May. 23, 2023
    • Modified: Jan. 21, 2025

  • 4.3

    MEDIUM
    CVE-2023-24058

    Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, La... Read more

    Affected Products : booked
    • Published: Jan. 22, 2023
    • Modified: Apr. 02, 2025

  • 4.3

    MEDIUM
    CVE-2025-53293

    Missing Authorization vulnerability in Morten Dalgaard Johansen Dashboard Widget Sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Widget Sidebar: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53200

    Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-53327

    Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-9889

    The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level... Read more

    • Published: Oct. 19, 2024
    • Modified: Nov. 01, 2024
Showing 20 of 294068 Results