Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-13619

    The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : lifterlms
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-13621

    The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ... Read more

    Affected Products : gdpr_framework
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13727

    The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.... Read more

    Affected Products : memberspace
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13823

    The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.... Read more

    Affected Products : 360_product_rotation
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13828

    The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.... Read more

    Affected Products : badgearoo
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-12770

    The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : wp_ulike
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-12800

    The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for examp... Read more

    Affected Products : ip_based_login
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-5859

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escapi... Read more

    • Published: Jun. 21, 2024
    • Modified: Jun. 10, 2025

  • 7.2

    HIGH
    CVE-2023-2298

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output es... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 7.1

    HIGH
    CVE-2023-39992

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 versions.... Read more

    • Published: Sep. 04, 2023
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-2415

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This ... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 7.2

    HIGH
    CVE-2024-5791

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction fu... Read more

    • Published: Jun. 22, 2024
    • Modified: Jun. 10, 2025

  • 7.1

    HIGH
    CVE-2024-37262

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar... Read more

    • Published: Jul. 22, 2024
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2023-2416

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it pos... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 5.3

    MEDIUM
    CVE-2023-2299

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a miss... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-12808

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross... Read more

    Affected Products : wp_erp
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-22123

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid accessing uninitialized curseg syzbot reports a f2fs bug as below: F2FS-fs (loop3): Stopped filesystem due to reason: 7 kworker/u8:7: attempt to access beyond end of... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-22122

    In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning i... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-13313

    The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : aweber
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2023-3345

    The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students... Read more

    Affected Products : masteriyo masteriyo
    • Published: Jul. 31, 2023
    • Modified: Jun. 10, 2025
Showing 20 of 293280 Results