Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-4423

    The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgd_insert_update() function. This makes it possible for unauthenticated a... Read more

    Affected Products : rays_grid
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4421

    The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthentic... Read more

    Affected Products : advanced_popups
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4420

    The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated ... Read more

    Affected Products : sell_media
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4419

    The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the ino_save_data() function. This makes it possible for unauthenticate... Read more

    Affected Products : wp-backgrounds-lite
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4418

    The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated atta... Read more

    Affected Products : custom_css\,_js_\&_php
    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-4417

    The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_expo... Read more

    Affected Products : forminator
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4416

    The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated at... Read more

    Affected Products : wp-mpdf
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4415

    The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28 This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possib... Read more

    Affected Products : sunshine_photo_cart
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4414

    The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it pos... Read more

    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4413

    The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthent... Read more

    Affected Products : process_steps_template_designer
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4412

    The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save() and export() functions. This makes it possible for unauthenticated a... Read more

    Affected Products : wp_prayer
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4411

    The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpep_download_transaction_in_excel() function. This... Read more

    Affected Products : wp_easypay
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4410

    The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the save_postdata() function. This makes it possible for unauthenticated... Read more

    Affected Products : qtranslate_slug
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4409

    The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed() function. This makes it possible for... Read more

    Affected Products : woocommerce_etsy_integration
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4408

    The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the update_answer() function. This makes it possible for unauthentic... Read more

    Affected Products : dw_question_\&_answer
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4407

    The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated... Read more

    Affected Products : custom_banners
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2021-4406

    An administrator is able to execute commands as root via the alerts management dialog... Read more

    Affected Products : quantastor
    • Published: Jul. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4405

    The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for una... Read more

    Affected Products : elasticpress
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4404

    The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthent... Read more

    Affected Products : event_espresso_4_decaf
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-4403

    The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers... Read more

    Affected Products : remove_schema
    • Published: Jul. 01, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294289 Results