Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2024-8484

    The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on t...

    Affected Products : rest_api_to_miniprogram
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 4.8

    MEDIUM
    CVE-2024-7878

    The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...

    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 4.3

    MEDIUM
    CVE-2024-8476

    The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for...

    Affected Products : easy_paypal_events
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 8.8

    HIGH
    CVE-2024-47330

    Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9....

    Affected Products : social_share_buttons slider
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 7.8

    HIGH
    CVE-2024-6510

    Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking....

    Affected Products : internet_security
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024
  • 6.1

    MEDIUM
    CVE-2024-8803

    The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unau...

    Affected Products : bulk_noindex_\&_nofollow_toolkit
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 2.7

    LOW
    CVE-2024-8350

    The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible fo...

    Affected Products : uncanny_groups_for_learndash
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 4.3

    MEDIUM
    CVE-2024-8552

    The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, w...

    Affected Products : download_monitor
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 6.4

    MEDIUM
    CVE-2024-8723

    The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

    Affected Products : 012_ps_multi_languages
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 5.4

    MEDIUM
    CVE-2023-51157

    Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter....

    Affected Products : wdms
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 7.2

    HIGH
    CVE-2024-8349

    The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for au...

    Affected Products : uncanny_groups_for_learndash
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 6.5

    MEDIUM
    CVE-2024-8483

    The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, t...

    Affected Products : mas_static_content
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 6.1

    MEDIUM
    CVE-2024-8741

    The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. This makes it possible fo...

    Affected Products : beam_me_up_scotty
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 8.8

    HIGH
    CVE-2024-47305

    Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery. This issue affects Use Any Font: from n/a through 6.3.08....

    Affected Products : use_any_font
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 8.8

    HIGH
    CVE-2024-46489

    A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL....

    Affected Products : promptr
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 6.1

    MEDIUM
    CVE-2024-8713

    The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated atta...

    Affected Products : kodex_posts_likes
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 9.1

    CRITICAL
    CVE-2024-46488

    sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file....

    Affected Products : sqlite-vec
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-7781

    The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in ...

    Affected Products : jupiter_x_core jupiterx
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-8485

    The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines w...

    Affected Products : rest_api_to_miniprogram
    • Published: Sep. 25, 2024
    • Modified: Oct. 02, 2024
  • 9.8

    CRITICAL
    CVE-2024-7772

    The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload...

    Affected Products : jupiter_x_core jupiterx
    • Published: Sep. 26, 2024
    • Modified: Oct. 02, 2024
Showing 20 of 291153 Results