Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-10837

    The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This m... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51760

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RistrettoApps Dashing Memberships allows Reflected XSS.This issue affects Dashing Memberships: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51719

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevin Walker, Roman Peterhans Simplistic SEO allows Reflected XSS.This issue affects Simplistic SEO: from n/a through 2.3.0.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51714

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Syed Umair Hussain Shah User Password Reset allows Reflected XSS.This issue affects User Password Reset: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51708

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narnoo Wordpress developer Narnoo Commerce Manager allows Reflected XSS.This issue affects Narnoo Commerce Manager: from n/a through 1.6.0.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.3

    HIGH
    CVE-2024-10640

    The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not p... Read more

    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51763

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Team Showcase and Slider – Team Members Builder allows Reflected XSS.This issue affects Team Showcase and Slider – Team Members Bu... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51762

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nightshift Creative PropertyShift allows Reflected XSS.This issue affects PropertyShift: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 8.8

    HIGH
    CVE-2024-10674

    The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it po... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51786

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BestWebSoft Realty by BestWebSoft allows Stored XSS.This issue affects Realty by BestWebSoft: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51783

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zaus Forms: 3rd-Party Post Again allows Reflected XSS.This issue affects Forms: 3rd-Party Post Again: from n/a through 0.3.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 8.5

    HIGH
    CVE-2024-51602

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oleksandr Ustymenko Simple Job Manager allows SQL Injection.This issue affects Simple Job Manager: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 8.5

    HIGH
    CVE-2024-51579

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder.Biz 5 Stars Rating Funnel allows SQL Injection.This issue affects 5 Stars Rating Funnel: from n/a through 1.4.01.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-10669

    The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be i... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51618

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DuoGeek Custom Admin Menu allows Stored XSS.This issue affects Custom Admin Menu: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-10588

    The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level ... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51630

    Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51627

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio Comparison Lite: from n/a through 3.4.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 7.1

    HIGH
    CVE-2024-51704

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hanusek imPress allows Reflected XSS.This issue affects imPress: from n/a through 0.1.4.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024

  • 6.5

    MEDIUM
    CVE-2024-51614

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aajoda Aajoda Testimonials allows Stored XSS.This issue affects Aajoda Testimonials: from n/a through 2.2.2.... Read more

    Affected Products :
    • Published: Nov. 09, 2024
    • Modified: Nov. 12, 2024
Showing 20 of 291254 Results