Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2025-1570

    The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_...

    Affected Products : directorist
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication
  • 6.4

    MEDIUM
    CVE-2025-1560

    The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wee' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attrib...

    Affected Products : wow_entrance_effects_\(wee\!\)
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.4

    HIGH
    CVE-2025-1413

    DaVinci Resolve on macOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijac...

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 26, 2025
    • Vuln Type: Misconfiguration
  • 8.8

    HIGH
    CVE-2024-9195

    The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the update_settings case in the /admin/ajax.php file in all versions up to,...

    Affected Products : whmcs_client_area
    • Published: Feb. 28, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-9193

    The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. This makes it possible for u...

    Affected Products : whmcs
    • Published: Feb. 28, 2025
    • Modified: Mar. 25, 2025
    • Vuln Type: Path Traversal
  • 6.4

    MEDIUM
    CVE-2024-9019

    The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and outp...

    Affected Products : secupress
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 9.8

    CRITICAL
    CVE-2024-8425

    The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and includ...

    Affected Products : woocommerce_ultimate_gift_card
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Misconfiguration
  • 9.8

    CRITICAL
    CVE-2024-8420

    The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attacke...

    Affected Products : dhvc_form
    • Published: Feb. 28, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Authentication
  • 5.5

    MEDIUM
    CVE-2024-13851

    The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Admini...

    Affected Products : modal_portfolio
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.3

    MEDIUM
    CVE-2024-13832

    The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it poss...

    Affected Products : ultra_addons_lite_for_elementor
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure
  • 7.2

    HIGH
    CVE-2024-13831

    The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. This makes it possible for authenticated atta...

    Affected Products : tabs_for_woocommerce
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authentication
  • 4.3

    MEDIUM
    CVE-2024-13716

    The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated ...

    Affected Products : forex_calculators
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-13638

    The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive d...

    Affected Products : order_attachments_for_woocommerce
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Information Disclosure
  • 6.4

    MEDIUM
    CVE-2024-13469

    The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for aut...

    Affected Products : pricing_table
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2025-1572

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of suffic...

    Affected Products : kivicare
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2025-1571

    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output ...

    Affected Products : exclusive_addons_for_elementor
    • Published: Feb. 28, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.4

    MEDIUM
    CVE-2025-1405

    The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied ...

    Affected Products : product_catalog_simple
    • Published: Feb. 28, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.5

    MEDIUM
    CVE-2025-0764

    The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, ...

    Affected Products : wpforo_forum
    • Published: Feb. 28, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Path Traversal
  • 7.2

    HIGH
    CVE-2025-1513

    The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when comment...

    Affected Products : contest_gallery
    • Published: Feb. 28, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Cross-Site Scripting
  • 6.1

    MEDIUM
    CVE-2025-1511

    The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sa...

    • Published: Feb. 28, 2025
    • Modified: Mar. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292786 Results