Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2024-13483

    The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13481

    The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter a... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 19, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13479

    The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack ... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13478

    The LTL Freight Quotes – TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lac... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2025-1075

    Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p27, <2.2.0p40, and 2.1.0p51 (EOL) causes LDAP credentials to be written to Apache error log file accessible to administrators.... Read more

    Affected Products : checkmk checkmk
    • Published: Feb. 19, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Information Disclosure

  • 7.5

    HIGH
    CVE-2024-13489

    The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter ... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-1135

    A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser para... Read more

    Affected Products : churchcrm
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-1134

    A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser para... Read more

    Affected Products : churchcrm
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-1133

    A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. The EID parameter is directly concatenat... Read more

    Affected Products : churchcrm
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-1132

    A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. The parameter is directly inserted into an SQL query without proper sanitization, allowing attackers to inject mal... Read more

    Affected Products : churchcrm
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Injection

  • 8.4

    HIGH
    CVE-2025-1024

    A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the E... Read more

    Affected Products : churchcrm
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2025-1007

    In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the user is not a namespace Owner or Contributor. The details include: name, description, website, support link and ... Read more

    Affected Products : open_vsx
    • Published: Feb. 19, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2024-13364

    The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticate... Read more

    Affected Products : raptive_ads
    • Published: Feb. 19, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-13363

    The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated... Read more

    Affected Products : raptive_ads
    • Published: Feb. 19, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-13339

    The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounce_email_validator' page. This makes it possible ... Read more

    Affected Products : email_validator
    • Published: Feb. 19, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-13336

    The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This makes it possible for unauth... Read more

    Affected Products : disable_auto_updates
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2024-13231

    The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible f... Read more

    Affected Products : portfoliohub uber-grid
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-0865

    The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() function. This makes it possible for un... Read more

    Affected Products : wp_media_category_management
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2024-13854

    The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. This makes ... Read more

    Affected Products : education_addon
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-13736

    The Pure Chat – Live Chat & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘purechatWidgetName’ parameter in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products : pure_chat
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291756 Results