Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2022-3237

    The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.... Read more

    Affected Products : wp_contact_slider
    • EPSS Score: %0.16
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 5.4

    MEDIUM
    CVE-2022-3096

    The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators... Read more

    Affected Products : wp_total_hacks
    • EPSS Score: %0.15
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-37623

    Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js.... Read more

    Affected Products : browserify-shim
    • EPSS Score: %0.14
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2022-31692

    Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application ... Read more

    • EPSS Score: %6.71
    • Published: Oct. 31, 2022
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2018-6347

    An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior to v2018.12.31.00.... Read more

    Affected Products : proxygen proxygen
    • EPSS Score: %0.43
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2018-6346

    A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This affects Proxygen prior to v2018.12.31.00.... Read more

    Affected Products : proxygen proxygen
    • EPSS Score: %0.33
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2018-6344

    A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93,... Read more

    Affected Products : whatsapp
    • EPSS Score: %0.57
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2018-6343

    Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releas... Read more

    Affected Products : proxygen
    • EPSS Score: %0.27
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 9.8

    CRITICAL
    CVE-2018-6331

    Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.... Read more

    Affected Products : buck
    • EPSS Score: %0.44
    • Published: Dec. 31, 2018
    • Modified: May. 06, 2025

  • 7.1

    HIGH
    CVE-2024-13574

    The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : xv_random_quotes
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13580

    The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack... Read more

    Affected Products : xv_random_quotes
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2024-13615

    The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cr... Read more

    Affected Products : social_snap
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2024-13836

    The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : wp_login_control
    • Published: Mar. 11, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-2018

    The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th... Read more

    Affected Products : wp_activity_log wp_activity_log
    • Published: Apr. 09, 2024
    • Modified: May. 06, 2025

  • 7.2

    HIGH
    CVE-2024-1812

    The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7 via the 'font_url' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations ... Read more

    Affected Products : everest_forms
    • Published: Apr. 09, 2024
    • Modified: May. 06, 2025

  • 6.5

    MEDIUM
    CVE-2023-6695

    The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract ... Read more

    Affected Products : beaver_themer
    • Published: Apr. 09, 2024
    • Modified: May. 06, 2025

  • 7.1

    HIGH
    CVE-2024-1385

    The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticat... Read more

    Affected Products : wp-stateless
    • Published: Apr. 06, 2024
    • Modified: May. 06, 2025

  • 7.5

    HIGH
    CVE-2024-13344

    The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'profileId' parameter in all versions up to, and including, 3.3 due to insufficient escaping on the user supplied parameter and lack of suf... Read more

    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13322

    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack o... Read more

    Affected Products : ads_pro
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-4179

    The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capability check on the registerUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to regi... Read more

    Affected Products : flynax_bridge
    • Published: May. 02, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Authorization
Showing 20 of 291419 Results