Latest CVE Feed

The following is a list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2022-21125

    Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access....

    • EPSS Score: 0.52%
    • Published: Jun. 15, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-21123

    Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access....

    • EPSS Score: 0.32%
    • Published: Jun. 15, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-1969

    The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for ...

    Affected Products : mobile_browser_color_select
    • EPSS Score: 0.17%
    • Published: Jun. 13, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-1961

    The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with ad...

    Affected Products : google_tag_manager
    • EPSS Score: 0.84%
    • Published: Jun. 13, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-1912

    The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated ...

    Affected Products : button_widget_smartsoft
    • EPSS Score: 0.19%
    • Published: Jul. 18, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-1900

    The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plu...

    Affected Products : copify
    • EPSS Score: 0.14%
    • Published: Jun. 13, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-1822

    The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for una...

    • EPSS Score: 2.98%
    • Published: Jun. 13, 2022
    • Modified: May. 05, 2025
  • 5.5

    MEDIUM
    CVE-2022-1750

    The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popup_title’ parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...

    Affected Products : sticky_popup
    • EPSS Score: 0.30%
    • Published: Jun. 13, 2022
    • Modified: May. 05, 2025
  • 8.8

    HIGH
    CVE-2022-1749

    The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject ...

    Affected Products : wpmk_ajax_finder
    • EPSS Score: 0.20%
    • Published: Jun. 13, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-1707

    The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to and including 1.15...

    Affected Products : google_tag_manager
    • EPSS Score: 58.57%
    • Published: Jun. 13, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-1567

    The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0....

    Affected Products : wp-js
    • EPSS Score: 0.25%
    • Published: May. 10, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-1505

    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthentica...

    Affected Products : rsvpmaker
    • EPSS Score: 3.43%
    • Published: May. 10, 2022
    • Modified: May. 05, 2025
  • 7.5

    HIGH
    CVE-2022-1473

    The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long-lived process periodically decodes...

    • EPSS Score: 0.23%
    • Published: May. 03, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-1453

    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attac...

    Affected Products : rsvpmaker
    • EPSS Score: 6.42%
    • Published: May. 10, 2022
    • Modified: May. 05, 2025
  • 7.5

    HIGH
    CVE-2022-1442

    The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-pa...

    • EPSS Score: 85.20%
    • Published: May. 10, 2022
    • Modified: May. 05, 2025
  • 5.3

    MEDIUM
    CVE-2022-1343

    The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response...

    • EPSS Score: 0.12%
    • Published: May. 03, 2022
    • Modified: May. 05, 2025
  • 6.1

    MEDIUM
    CVE-2022-1187

    The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross-Site Scripting via POST data found in the ~/inc/admin.php file which allows unauthenticated attackers to inject arbitrary web scripts in versions up to, and including, 1.7.21....

    Affected Products : wp_youtube_live
    • EPSS Score: 3.23%
    • Published: Apr. 19, 2022
    • Modified: May. 05, 2025
  • 4.8

    MEDIUM
    CVE-2022-1094

    The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

    Affected Products : amr_users
    • EPSS Score: 0.19%
    • Published: Apr. 25, 2022
    • Modified: May. 05, 2025
  • 9.8

    CRITICAL
    CVE-2022-0992

    The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized...

    • EPSS Score: 4.37%
    • Published: Apr. 19, 2022
    • Modified: May. 05, 2025
  • 6.4

    MEDIUM
    CVE-2022-0750

    The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-mason...

    Affected Products : photoswipe_masonry_gallery
    • EPSS Score: 0.19%
    • Published: Mar. 23, 2022
    • Modified: May. 05, 2025