Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2021-24405

    The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Further... Read more

    Affected Products : easy_cookies_policy
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-24404

    The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same functio... Read more

    Affected Products : wp-board
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24403

    The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users... Read more

    Affected Products : wpagecontact
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24402

    The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege u... Read more

    Affected Products : wp_icommerce
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24401

    The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : wp-domain-redirect
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24400

    The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : wp-display-users
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24399

    The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : the_sorter
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24398

    The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in... Read more

    Affected Products : responsive_3d_slider
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24397

    The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : microcopy
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24396

    A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : gseor
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24395

    The editid GET parameter of the Embed Youtube Video WordPress plugin through 1.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : embed_youtube_video
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24394

    An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection... Read more

    Affected Products : easy_testimonial_manager
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24393

    A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : comment_highlighter
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24392

    An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : club-management-software
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-24391

    An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.... Read more

    Affected Products : cashtomer
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-24390

    A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.... Read more

    Affected Products : alipay
    • Published: Sep. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-24389

    The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Script... Read more

    Affected Products : foodbakery
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24388

    In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom filed option by which we can manage all the fields that the users will have to fill in before saving the order. However, the field name is not sanitised or esc... Read more

    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-24387

    The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticat... Read more

    Affected Products : real_estate_7
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-24386

    The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3... Read more

    Affected Products : wp_svg_images
    • Published: Jul. 06, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292843 Results