Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2024-12770

    The WP ULike WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : wp_ulike
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-12800

    The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for examp... Read more

    Affected Products : ip_based_login
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-5859

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escapi... Read more

    • Published: Jun. 21, 2024
    • Modified: Jun. 10, 2025

  • 7.2

    HIGH
    CVE-2023-2298

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output es... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 7.1

    HIGH
    CVE-2023-39992

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.3.2 versions.... Read more

    • Published: Sep. 04, 2023
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2023-2415

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This ... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 7.2

    HIGH
    CVE-2024-5791

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction fu... Read more

    • Published: Jun. 22, 2024
    • Modified: Jun. 10, 2025

  • 7.1

    HIGH
    CVE-2024-37262

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar... Read more

    • Published: Jul. 22, 2024
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2023-2416

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it pos... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 5.3

    MEDIUM
    CVE-2023-2299

    The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a miss... Read more

    • Published: Jun. 03, 2023
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-12808

    The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross... Read more

    Affected Products : wp_erp
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2025-22123

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid accessing uninitialized curseg syzbot reports a f2fs bug as below: F2FS-fs (loop3): Stopped filesystem due to reason: 7 kworker/u8:7: attempt to access beyond end of... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 0.0

    NA
    CVE-2025-22122

    In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' of folio can't be held in 'unsigned int', cause warning i... Read more

    Affected Products : linux_kernel
    • Published: Apr. 16, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Misconfiguration

  • 4.8

    MEDIUM
    CVE-2024-13313

    The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : aweber
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2023-3345

    The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students... Read more

    Affected Products : masteriyo masteriyo
    • Published: Jul. 31, 2023
    • Modified: Jun. 10, 2025

  • 4.8

    MEDIUM
    CVE-2024-12743

    The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : mailpoet
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-12767

    The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts... Read more

    Affected Products : buddyboss_platform
    • Published: May. 15, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Authorization

  • 7.2

    HIGH
    CVE-2023-6636

    The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authe... Read more

    • Published: Jan. 11, 2024
    • Modified: Jun. 10, 2025

  • 5.4

    MEDIUM
    CVE-2022-4653

    The Greenshift WordPress plugin before 4.8.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    • Published: Jan. 16, 2023
    • Modified: Jun. 10, 2025

  • 6.5

    MEDIUM
    CVE-2024-44005

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/... Read more

    • Published: Sep. 18, 2024
    • Modified: Jun. 10, 2025
Showing 20 of 293350 Results