Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-43227

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper BetterDocs allows Stored XSS.This issue affects BetterDocs: from n/a through 3.5.8.... Read more

    Affected Products : betterdocs
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43224

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS.This issue affects YaMaps for WordPress: from n/a through 0.6.27.... Read more

    Affected Products : yamaps
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-37924

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.5

    HIGH
    CVE-2024-37935

    Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 4.0

    MEDIUM
    CVE-2024-7388

    The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att... Read more

    Affected Products : wp_bannerize_pro
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-7094

    The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of saniti... Read more

    Affected Products : js_help_desk
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-38756

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43165

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.This issue affects WPSection: from n/a through 1.3.8.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43155

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.... Read more

    Affected Products : comboblocks
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43139

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.9.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.5

    HIGH
    CVE-2024-38747

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway f... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43218

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Mediavine Control Panel allows Stored XSS.This issue affects Mediavine Control Panel: from n/a through 2.10.4.... Read more

    Affected Products : mediavine_control_panel
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 5.1

    MEDIUM
    CVE-2024-39922

    A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43133

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1.... Read more

    Affected Products : shortcodes themify_shortcodes
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.5

    HIGH
    CVE-2024-38699

    Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.... Read more

    Affected Products : wallet_system_for_woocommerce
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-43164

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.0.... Read more

    Affected Products :
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 5.9

    MEDIUM
    CVE-2024-43161

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2.... Read more

    Affected Products : depicter
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 7.8

    HIGH
    CVE-2024-41908

    A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code ... Read more

    Affected Products : nx
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024

  • 7.1

    HIGH
    CVE-2024-43217

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0.... Read more

    Affected Products : kodex_posts_likes
    • Published: Aug. 12, 2024
    • Modified: Aug. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-38760

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Aug. 13, 2024
Showing 20 of 293608 Results