Latest CVE Feed
- CVE-2024-11196 | CVSS 3.1: 6.4
  The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attrib...
  - Affected Products:
  - Published: Dec. 21, 2024
  - Modified: Dec. 21, 2024
- CVE-2024-11776 | CVSS 3.1: 6.4
  The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied ...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-12509 | CVSS 3.1: 6.4
  The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. ...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-11774 | CVSS 3.1: 6.4
  The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-11893 | CVSS 3.1: 6.4
  The Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and out...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-9619 | CVSS 3.1: 6.4
  The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-11775 | CVSS 3.1: 6.4
  The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied a...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-11783 | CVSS 3.1: 6.4
  The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user suppl...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-12591 | CVSS 3.1: 6.4
  The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. ...
  - Affected Products:
  - Published: Dec. 21, 2024
  - Modified: Dec. 21, 2024
- CVE-2024-9545 | CVSS 3.1: 6.4
  The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitizati...
  - Affected Products:
  - Published: Dec. 21, 2024
  - Modified: Dec. 21, 2024
- CVE-2024-12588 | CVSS 3.1: 6.4
  The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on us...
  - Affected Products:
  - Published: Dec. 21, 2024
  - Modified: Dec. 21, 2024
- CVE-2024-11878 | CVSS 3.1: 6.4
  The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user suppl...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-11411 | CVSS 3.1: 6.4
  The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. ...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-10453 | CVSS 3.1: 6.4
  The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and ou...
  - Affected Products:
  - Published: Dec. 21, 2024
  - Modified: Dec. 21, 2024
- CVE-2024-12697 | CVSS 3.1: 6.4
  The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
  - Affected Products:
  - Published: Dec. 21, 2024
  - Modified: Dec. 21, 2024
- CVE-2024-11784 | CVSS 3.1: 6.4
  The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization a...
  - Affected Products:
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-12789 | CVSS 3.1: 6.3
  A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initi...
  - Affected Products:
  - Published: Dec. 19, 2024
  - Modified: Dec. 19, 2024
- CVE-2024-56351 | CVSS 3.1: 6.3
  In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles...
  - Affected Products: teamcity
  - Published: Dec. 20, 2024
  - Modified: Dec. 20, 2024
- CVE-2024-12794 | CVSS 3.1: 6.3
  A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to SQL injection. It is possible to ...
  - Affected Products: e-commerce_site
  - Published: Dec. 19, 2024
  - Modified: Dec. 19, 2024
- CVE-2024-52897 | CVSS 3.1: 6.2
  IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned....
  - Affected Products:
  - Published: Dec. 19, 2024
  - Modified: Dec. 19, 2024