Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2021-4382

    The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbi...

    Affected Products : recently
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-4381

    The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This make...

    Affected Products : ulisting
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-4380

    The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This mak...

    Affected Products : pinterest_automatic_pin
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-4379

    The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, ...

    Affected Products : woocommerce_multi_currency
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2021-4378

    The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minim...

    Affected Products : wp_quick_frontend_editor
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-4377

    The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. This ...

    Affected Products : doneren_met_mollie
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-4376

    The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value....

    Affected Products : woocommerce_multi_currency
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-4374

    The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthent...

    Affected Products : wordpress_automatic_plugin
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2021-4373

    The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administra...

    Affected Products : better_search
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2021-4372

    The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it ...

    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-4371

    The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to chang...

    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-4370

    The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. T...

    Affected Products : ulisting
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-4369

    The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security ...

    Affected Products : frontend_file_manager_plugin
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.9

    CRITICAL
    CVE-2021-4368

    The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it p...

    Affected Products : frontend_file_manager_plugin
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 6.4

    MEDIUM
    CVE-2021-4367

    The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitiz...

    Affected Products : flo_forms
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 6.3

    MEDIUM
    CVE-2021-4366

    The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attacker...

    Affected Products : pwa_for_wp_\&_amp
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2021-4365

    The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and sanitisation all on the wpfm_edit_file_title_desc AJAX...

    Affected Products : frontend_file_manager_plugin
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2021-4364

    The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authentica...

    Affected Products : jobsearch_wp_job_board
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2021-4363

    The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'save_content_front' function that uses print_r on th...

    Affected Products : wp_quick_frontend_editor
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2021-4362

    The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possi...

    Affected Products : kiwi_social_share
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294072 Results