Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-2257

    The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the ... Read more

    Affected Products : total_upkeep
    • Published: Mar. 26, 2025
    • Modified: May. 22, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2025-2167

    The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list' shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. ... Read more

    Affected Products : event_post
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.2

    HIGH
    CVE-2025-2009

    The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti... Read more

    Affected Products : newsletters
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.3

    HIGH
    CVE-2025-1514

    The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This ... Read more

    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2024-13801

    The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-13702

    The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input ... Read more

    Affected Products : crm_and_lead_management_by_vcita
    • Published: Mar. 26, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.5

    MEDIUM
    CVE-2024-30155

    HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).... Read more

    Affected Products : hcl_sx
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2023-52972

    Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks . Successful exploitation this vulnerability could lead to termination of some system processes.... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-1784

    The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products : spectra
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2024-13146

    The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack... Read more

    Affected Products : booknetic
    • Published: Mar. 26, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2024-12683

    The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : smart_maintenance_mode
    • Published: Mar. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.8

    MEDIUM
    CVE-2024-11847

    The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.... Read more

    Affected Products : _wp_svg_upload
    • Published: Mar. 26, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-30742

    httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final '\0' character.... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2025-2576

    The Ayyash Studio — The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-2573

    The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization a... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-2165

    The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-1490

    The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more

    Affected Products : smart_maintenance_mode
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-2302

    The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products : advanced_woo_search
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-2276

    The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. This makes it ... Read more

    Affected Products : ultimate_dashboard
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2024-47516

    A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.... Read more

    Affected Products : pagure
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Injection
Showing 20 of 291756 Results