Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS wp-sms allows DOM-Based XSS.This issue affects WP SMS: from n/a through <= 7.1.
Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This …
Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through <= 1.1.5.
Missing Authorization vulnerability in wpcoachify Coachify coachify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coachify: from n/a through <= 1.1.5.
Missing Authorization vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Exploiting Incorrectly Configured Access Control Security Level…
Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.1…
Missing Authorization vulnerability in Fahad Mahmood Endless Posts Navigation endless-posts-navigation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Endle…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activi…
Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress A…
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And …
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP …
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Da…
Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.T…
Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through <= 6.1.12.
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7…
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through …
Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects E…
Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a thro…
Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff…
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19.