Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici L…
Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a t…
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a th…
Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through <= 1.…
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a throu…
Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30.
Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: …
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a thr…
Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a thr…
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0.
Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from …
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: …
Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerc…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8…
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a t…
Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …
Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from …