Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-22494

    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : jfinalcms
    • EPSS Score: %0.05
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2024-22492

    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : jfinalcms
    • EPSS Score: %0.11
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 4.6

    MEDIUM
    CVE-2024-22028

    Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the in... Read more

    • EPSS Score: %0.04
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 2.4

    LOW
    CVE-2024-0230

    A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.... Read more

    • EPSS Score: %5.16
    • Published: Jan. 12, 2024
    • Modified: Jun. 03, 2025

  • 6.4

    MEDIUM
    CVE-2023-7071

    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization... Read more

    Affected Products : essential_blocks
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-7048

    The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthentica... Read more

    Affected Products : my_sticky_bar
    • EPSS Score: %0.12
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-7019

    The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. ... Read more

    Affected Products : lightstart
    • EPSS Score: %0.10
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.4

    MEDIUM
    CVE-2023-6988

    The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user... Read more

    Affected Products : colibri_page_builder
    • EPSS Score: %0.16
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.8

    MEDIUM
    CVE-2023-6924

    The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl... Read more

    Affected Products : photo_gallery
    • EPSS Score: %0.19
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.1

    MEDIUM
    CVE-2023-6882

    The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘environment_mode’ parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible ... Read more

    Affected Products : simple_membership
    • EPSS Score: %1.27
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.3

    MEDIUM
    CVE-2023-6855

    The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pm... Read more

    Affected Products : paid_memberships_pro
    • EPSS Score: %0.35
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-6843

    The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.... Read more

    Affected Products : easy.jobs
    • EPSS Score: %0.10
    • Published: Jan. 15, 2024
    • Modified: Jun. 03, 2025

  • 6.4

    MEDIUM
    CVE-2023-6684

    The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' use... Read more

    Affected Products : ibtana
    • EPSS Score: %0.15
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6638

    The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticat... Read more

    Affected Products : gg_woo_feed
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 7.5

    HIGH
    CVE-2024-35058

    An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string.... Read more

    Affected Products : ait_core
    • Published: May. 21, 2024
    • Modified: Jun. 03, 2025

  • 6.5

    MEDIUM
    CVE-2023-6637

    The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unaut... Read more

    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 9.8

    CRITICAL
    CVE-2023-6634

    The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible ... Read more

    Affected Products : learnpress
    • EPSS Score: %90.53
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 7.2

    HIGH
    CVE-2023-6558

    The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authen... Read more

    Affected Products : import_export_wordpress_users
    • EPSS Score: %3.80
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-6504

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all version... Read more

    Affected Products : profile_builder
    • EPSS Score: %0.18
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 5.4

    MEDIUM
    CVE-2023-6369

    The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible... Read more

    • EPSS Score: %0.32
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025
Showing 20 of 292735 Results