Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2023-6634

    The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible ...

    Affected Products : learnpress
    • EPSS Score: 90.53%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 7.2

    HIGH
    CVE-2023-6558

    The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authen...

    Affected Products : import_export_wordpress_users
    • EPSS Score: 3.80%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 4.3

    MEDIUM
    CVE-2023-6504

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all version...

    Affected Products : profile_builder
    • EPSS Score: 0.18%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-6369

    The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible...

    • EPSS Score: 0.32%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 6.5

    MEDIUM
    CVE-2023-6244

    The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtu...

    Affected Products : eventon eventon-lite
    • EPSS Score: 0.11%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 6.5

    MEDIUM
    CVE-2023-6242

    The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the ev...

    Affected Products : eventon eventon-lite
    • EPSS Score: 0.11%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-6220

    The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated a...

    Affected Products : piotnet_forms
    • EPSS Score: 6.26%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 6.1

    MEDIUM
    CVE-2023-6050

    The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege...

    Affected Products : estatik
    • EPSS Score: 0.14%
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-6049

    The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog...

    Affected Products : estatik
    • EPSS Score: 1.07%
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025
  • 6.5

    MEDIUM
    CVE-2023-6048

    The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are ...

    Affected Products : estatik
    • EPSS Score: 0.10%
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025
  • 4.8

    MEDIUM
    CVE-2023-5691

    The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administra...

    Affected Products : chatbot
    • EPSS Score: 0.18%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
  • 7.5

    HIGH
    CVE-2023-51804

    An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file....

    Affected Products : forest
    • EPSS Score: 0.16%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 6.5

    MEDIUM
    CVE-2023-51071

    An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link....

    Affected Products : archive_storage_manager
    • EPSS Score: 0.13%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-51068

    An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link....

    Affected Products : archive_storage_manager
    • EPSS Score: 0.20%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2023-51063

    QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level....

    Affected Products : archive_storage_manager
    • EPSS Score: 0.15%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 8.8

    HIGH
    CVE-2023-51059

    An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface....

    • EPSS Score: 0.40%
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025
  • 9.8

    CRITICAL
    CVE-2023-50919

    An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N...

    • EPSS Score: 43.74%
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025
  • 5.5

    MEDIUM
    CVE-2023-50440

    ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL fo...

    Affected Products : zed\! zedmail zonecentral
    • EPSS Score: 0.12%
    • Published: Dec. 13, 2023
    • Modified: Jun. 03, 2025
  • 5.4

    MEDIUM
    CVE-2023-50072

    A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a docum...

    Affected Products : openkm
    • EPSS Score: 4.11%
    • Published: Jan. 13, 2024
    • Modified: Jun. 03, 2025
  • 6.4

    MEDIUM
    CVE-2023-4960

    The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

    Affected Products : wcfm_marketplace
    • EPSS Score: 0.16%
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292316 Results