Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-0757

    The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files... Read more

    • Published: Jun. 04, 2024
    • Modified: May. 21, 2025

  • 7.5

    HIGH
    CVE-2024-4469

    The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.... Read more

    Affected Products : wp_staging
    • Published: May. 31, 2024
    • Modified: May. 21, 2025

  • 4.8

    MEDIUM
    CVE-2024-3937

    The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal... Read more

    Affected Products : playlist_for_youtube
    • Published: May. 29, 2024
    • Modified: May. 21, 2025

  • 4.8

    MEDIUM
    CVE-2024-3921

    The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e... Read more

    Affected Products : gianism
    • Published: May. 29, 2024
    • Modified: May. 21, 2025

  • 9.1

    CRITICAL
    CVE-2024-3050

    The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking... Read more

    Affected Products : site_reviews
    • Published: May. 29, 2024
    • Modified: May. 21, 2025

  • 5.4

    MEDIUM
    CVE-2024-3939

    The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products : ditty
    • Published: May. 27, 2024
    • Modified: May. 21, 2025

  • 3.5

    LOW
    CVE-2024-3920

    The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products : flattr
    • Published: May. 23, 2024
    • Modified: May. 21, 2025

  • 4.8

    MEDIUM
    CVE-2024-3918

    The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.... Read more

    Affected Products : pet_manager
    • Published: May. 23, 2024
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2024-3917

    The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin... Read more

    Affected Products : pet_manager
    • Published: May. 23, 2024
    • Modified: May. 21, 2025

  • 8.7

    HIGH
    CVE-2024-3594

    The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : idonate
    • Published: May. 23, 2024
    • Modified: May. 21, 2025

  • 7.1

    HIGH
    CVE-2024-4290

    The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    Affected Products : sailthru_triggermail
    • Published: May. 21, 2024
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2024-4289

    The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as... Read more

    Affected Products : sailthru_triggermail
    • Published: May. 21, 2024
    • Modified: May. 21, 2025

  • 4.8

    MEDIUM
    CVE-2024-13119

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ... Read more

    Affected Products : profilepress
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-2189

    The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered... Read more

    Affected Products : social_icons_widget
    • Published: May. 21, 2024
    • Modified: May. 21, 2025

  • 6.1

    MEDIUM
    CVE-2024-3368

    The All in One SEO WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : all_in_one_seo
    • Published: May. 20, 2024
    • Modified: May. 21, 2025

  • 4.3

    MEDIUM
    CVE-2024-2744

    The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed... Read more

    Affected Products : nextgen_gallery
    • Published: May. 17, 2024
    • Modified: May. 21, 2025

  • 4.8

    MEDIUM
    CVE-2024-13120

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ... Read more

    Affected Products : profilepress
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-13121

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ... Read more

    Affected Products : profilepress
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-13125

    The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : everest_forms
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-2054

    A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_state.php. The manipulation of the argument state_id leads to... Read more

    • Published: Mar. 07, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection
Showing 20 of 292522 Results