Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2021-24731

    The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endp... Read more

    Affected Products : pie_register
    • EPSS Score: %53.13
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-24730

    The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and ... Read more

    Affected Products : logo_showcase_with_slick_slider
    • EPSS Score: %0.08
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24729

    The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.... Read more

    Affected Products : logo_showcase_with_slick_slider
    • EPSS Score: %0.18
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-24728

    The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members... Read more

    • EPSS Score: %1.53
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-24727

    The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections... Read more

    Affected Products : block_and_stop_bad_bots
    • EPSS Score: %0.86
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-24726

    The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue... Read more

    Affected Products : wp_simple_booking_calendar
    • EPSS Score: %0.70
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-24725

    The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments... Read more

    • EPSS Score: %0.10
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24724

    The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related ... Read more

    Affected Products : timetable_and_event_schedule
    • EPSS Score: %0.25
    • Published: Sep. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24723

    The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages.... Read more

    Affected Products : wp_reactions_lite
    • EPSS Score: %0.20
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24722

    The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capabilit... Read more

    Affected Products : restaurant_menu
    • EPSS Score: %0.21
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-24721

    The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php... Read more

    Affected Products : loco_translate
    • EPSS Score: %0.28
    • Published: Nov. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24720

    The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).... Read more

    Affected Products : geodirectory
    • EPSS Score: %0.40
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-24719

    The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder.... Read more

    Affected Products : enfold
    • EPSS Score: %0.72
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24718

    The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    • EPSS Score: %0.21
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-24717

    The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax ac... Read more

    Affected Products : automatorwp
    • EPSS Score: %0.24
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24716

    The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin.... Read more

    Affected Products : modern_events_calendar_lite
    • EPSS Score: %0.18
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24715

    The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : wp_sitemap_page
    • EPSS Score: %0.22
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24714

    The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfil... Read more

    • EPSS Score: %0.21
    • Published: Dec. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2021-24713

    The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scrip... Read more

    • EPSS Score: %0.21
    • Published: Nov. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24712

    The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.... Read more

    Affected Products : appointment_hour_booking
    • EPSS Score: %0.26
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 290997 Results