Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2023-6924

    The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl... Read more

    Affected Products : photo_gallery
    • EPSS Score: %0.19
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2023-6882

    The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    Affected Products : simple_membership
    • EPSS Score: %1.27
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.3

    MEDIUM
    CVE-2023-6855

    The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pm... Read more

    Affected Products : paid_memberships_pro
    • EPSS Score: %0.35
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-6843

    The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.... Read more

    Affected Products : easy.jobs
    • EPSS Score: %0.10
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 6.4

    MEDIUM
    CVE-2023-6684

    The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' use... Read more

    Affected Products : ibtana
    • EPSS Score: %0.15
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6638

    The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticat... Read more

    Affected Products : gg_woo_feed
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-35058

    An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.... Read more

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6637

    The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unaut... Read more

    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-6634

    The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible ... Read more

    Affected Products : learnpress
    • EPSS Score: %90.53
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2023-6558

    The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authen... Read more

    Affected Products : import_export_wordpress_users
    • EPSS Score: %3.80
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-6504

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all version... Read more

    Affected Products : profile_builder
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-6369

    The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible... Read more

    • EPSS Score: %0.32
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6244

    The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtu... Read more

    Affected Products : eventon eventon-lite
    • EPSS Score: %0.11
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6242

    The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the ev... Read more

    Affected Products : eventon eventon-lite
    • EPSS Score: %0.11
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-6220

    The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated a... Read more

    Affected Products : piotnet_forms
    • EPSS Score: %6.26
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2023-6050

    The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege... Read more

    Affected Products : estatik
    • EPSS Score: %0.14
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-6049

    The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog... Read more

    Affected Products : estatik
    • EPSS Score: %1.07
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6048

    The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are ... Read more

    Affected Products : estatik
    • EPSS Score: %0.10
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 4.8

    MEDIUM
    CVE-2023-5691

    The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administra... Read more

    Affected Products : chatbot
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2023-51804

    An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.... Read more

    Affected Products : forest
    • EPSS Score: %0.16
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292247 Results