Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2024-56175

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 8.1

    HIGH
    CVE-2024-56174

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 4.7

    MEDIUM
    CVE-2024-56173

    In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document.... Read more

    Affected Products : configured_commerce
    • Published: Dec. 18, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-1679

    The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields in all versions up to, and including, 3.4.6 due ... Read more

    Affected Products : print_labels_with_barcodes
    • Published: May. 02, 2024
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2024-1677

    The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJ... Read more

    Affected Products : print_labels_with_barcodes
    • Published: May. 02, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-1584

    The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, ... Read more

    • Published: May. 02, 2024
    • Modified: Jun. 05, 2025

  • 7.5

    HIGH
    CVE-2024-1895

    The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. Thi... Read more

    Affected Products : event_monster
    • Published: Apr. 30, 2024
    • Modified: Jun. 05, 2025

  • 5.3

    MEDIUM
    CVE-2024-3678

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from pas... Read more

    Affected Products : blog2social
    • Published: Apr. 26, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-2477

    The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products : wpdiscuz
    • Published: Apr. 23, 2024
    • Modified: Jun. 05, 2025

  • 9.9

    CRITICAL
    CVE-2024-3549

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of... Read more

    Affected Products : blog2social
    • Published: Jun. 11, 2024
    • Modified: Jun. 05, 2025

  • 7.2

    HIGH
    CVE-2024-5207

    The POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insuff... Read more

    Affected Products : post_smtp
    • Published: May. 30, 2024
    • Modified: Jun. 05, 2025

  • 8.1

    HIGH
    CVE-2024-4611

    The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attacker... Read more

    Affected Products : apppresser
    • Published: May. 29, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-55660

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allo... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-2861

    The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products : profilepress
    • Published: May. 23, 2024
    • Modified: Jun. 05, 2025

  • 8.7

    HIGH
    CVE-2024-55659

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a pa... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 8.7

    HIGH
    CVE-2024-55658

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitr... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 8.7

    HIGH
    CVE-2024-55657

    SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive... Read more

    Affected Products : siyuan
    • Published: Dec. 12, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-5177

    The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied att... Read more

    Affected Products : hash_elements
    • Published: May. 23, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-4700

    The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it p... Read more

    Affected Products : wp_table_builder wp_table_builder
    • Published: May. 21, 2024
    • Modified: Jun. 05, 2025

  • 6.4

    MEDIUM
    CVE-2024-3974

    The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_name’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more

    Affected Products : buddypress
    • Published: May. 14, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 292803 Results