Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-0405

    The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'd... Read more

    Affected Products : burst_statistics
    • EPSS Score: %0.17
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 6.4

    MEDIUM
    CVE-2024-0381

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes ... Read more

    Affected Products : wp_recipe_maker
    • EPSS Score: %0.98
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2024-0238

    The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary ... Read more

    Affected Products : eventon
    • EPSS Score: %0.73
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 5.3

    MEDIUM
    CVE-2024-0237

    The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc... Read more

    Affected Products : eventon
    • EPSS Score: %0.29
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-7151

    The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as... Read more

    • EPSS Score: %0.26
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-7083

    The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack... Read more

    Affected Products : voting_record
    • EPSS Score: %0.16
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 4.8

    MEDIUM
    CVE-2023-6732

    The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : ultimate_maps
    • EPSS Score: %0.08
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 4.3

    MEDIUM
    CVE-2023-6292

    The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.... Read more

    Affected Products : ecwid_ecommerce_shopping_cart
    • EPSS Score: %0.12
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2023-5922

    The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access a... Read more

    Affected Products : royal_elementor_addons
    • EPSS Score: %1.02
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-52069

    kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter.... Read more

    Affected Products : kodbox
    • EPSS Score: %0.08
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 8.8

    HIGH
    CVE-2023-51217

    An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component.... Read more

    Affected Products : tws-200_firmware tws-200
    • EPSS Score: %1.46
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 7.5

    HIGH
    CVE-2023-50614

    An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci.... Read more

    Affected Products : e880-ir01_firmware e880-ir01
    • EPSS Score: %0.06
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-50028

    In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.... Read more

    Affected Products : sliding_cart_block
    • EPSS Score: %0.14
    • Published: Jan. 19, 2024
    • Modified: Jun. 02, 2025

  • 5.4

    MEDIUM
    CVE-2023-49943

    Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.... Read more

    Affected Products : manageengine_servicedesk_plus_msp
    • EPSS Score: %0.84
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-48858

    A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part.... Read more

    Affected Products : abo.cms
    • EPSS Score: %0.18
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 5.5

    MEDIUM
    CVE-2023-48345

    In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • EPSS Score: %0.01
    • Published: Jan. 18, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-46952

    Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.... Read more

    Affected Products : abo.cms
    • EPSS Score: %0.14
    • Published: Jan. 17, 2024
    • Modified: Jun. 02, 2025

  • 2.7

    LOW
    CVE-2023-2252

    The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.... Read more

    Affected Products : directorist
    • EPSS Score: %11.53
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025

  • 9.8

    CRITICAL
    CVE-2023-27168

    An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file.... Read more

    Affected Products : write-back_manager
    • EPSS Score: %0.24
    • Published: Jan. 19, 2024
    • Modified: Jun. 02, 2025

  • 6.1

    MEDIUM
    CVE-2023-0769

    The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.... Read more

    Affected Products : migration_simple
    • EPSS Score: %0.28
    • Published: Jan. 16, 2024
    • Modified: Jun. 02, 2025
Showing 20 of 292759 Results