Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-9417

    The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthen... Read more

    Affected Products : hash_form
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.9

    MEDIUM
    CVE-2024-47764

    cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alte... Read more

    Affected Products : cookie
    • Published: Oct. 04, 2024
    • Modified: Oct. 07, 2024

  • 7.5

    HIGH
    CVE-2024-44012

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpdev33 WP Newsletter Subscription allows PHP Local File Inclusion.This issue affects WP Newsletter Subscription: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.8

    MEDIUM
    CVE-2024-8743

    The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed f... Read more

    Affected Products : file_manager
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.5

    HIGH
    CVE-2024-44011

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Ticket Ultra WP Ticket Ultra Help Desk & Support Plugin allows PHP Local File Inclusion.This issue affects WP Ticket Ultra Help Desk & Support Plugin: from ... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 8.0

    HIGH
    CVE-2024-47319

    Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Code Injection.This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10.... Read more

    Affected Products : bit_form
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.9

    MEDIUM
    CVE-2024-47848

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from ... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.5

    HIGH
    CVE-2024-44015

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through 1.0.16.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.5

    HIGH
    CVE-2024-44013

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through 2.4.0.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.6

    MEDIUM
    CVE-2024-47309

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion.This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47650

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS.This issue affects WP-WebAuthn: from n/a through 1.3.1.... Read more

    Affected Products : wp-webauthn
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 5.1

    MEDIUM
    CVE-2024-44010

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Catch Themes Full frame allows Stored XSS.This issue affects Full frame: from n/a through 2.7.2.... Read more

    Affected Products :
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 5.9

    MEDIUM
    CVE-2024-44040

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS.This issue affects ShiftController Employee Shift Scheduling: from n/a throu... Read more

    Affected Products : shiftcontroller
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47621

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Katie Seaborn Zotpress allows Stored XSS.This issue affects Zotpress: from n/a through 7.3.10.... Read more

    Affected Products : zotpress
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 5.3

    MEDIUM
    CVE-2024-47344

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing.This issue affects uListing: from n/a through 2.1.5.... Read more

    Affected Products :
    • Published: Oct. 07, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47329

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0.... Read more

    Affected Products : elementsready
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47626

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.... Read more

    Affected Products : romethemekit_for_elementor
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 6.5

    MEDIUM
    CVE-2024-47382

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly Page-list allows Stored XSS.This issue affects Page-list: from n/a through 5.6.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024

  • 7.1

    HIGH
    CVE-2024-47320

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WS Form WS Form LITE allows Stored XSS.This issue affects WS Form LITE: from n/a through 1.9.238.... Read more

    Affected Products : ws_form
    • Published: Oct. 06, 2024
    • Modified: Oct. 07, 2024

  • 5.9

    MEDIUM
    CVE-2024-47371

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Walter Pinem WP MyLinks allows Stored XSS.This issue affects WP MyLinks: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: Oct. 05, 2024
    • Modified: Oct. 07, 2024
Showing 20 of 291647 Results