Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2024-13556

    The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it po... Read more

    Affected Products : affiliate_links
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2024-13438

    The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsize_clear_css_cache_action' function.... Read more

    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2024-13315

    The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the save_setting() function.... Read more

    Affected Products : shopwarden
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-0805

    The Mortgage Calculator / Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user... Read more

    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-0796

    The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequal_reset_defaults' action. This makes it pos... Read more

    Affected Products : wprequal
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2024-13852

    The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the plugin_page() function. This makes it possible for unauthenticated attackers to update arbitrary options on t... Read more

    Affected Products : option_editor
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.5

    MEDIUM
    CVE-2024-13848

    The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated atta... Read more

    Affected Products : reaction_buttons
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2024-13725

    The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allow... Read more

    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2024-13687

    The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3. This makes it possible for au... Read more

    Affected Products : team_builder
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2024-13684

    The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the reset_db_page() function. This makes it possible for unauthenticated attacker... Read more

    Affected Products : reset
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2024-13677

    The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's... Read more

    Affected Products : get_bookings_wp
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2024-13622

    The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive ... Read more

    • Published: Feb. 18, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Information Disclosure

  • 5.9

    MEDIUM
    CVE-2024-13609

    The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1 via the class-ocm-backup.php. This makes it possible for unauthenticated a... Read more

    Affected Products : 1_click_migration
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2024-13595

    The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara... Read more

    Affected Products : simple_signup_form
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2024-13588

    The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping o... Read more

    Affected Products : simplebooklet
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13587

    The Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_fvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization... Read more

    Affected Products : zigaform
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13582

    The Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdo_simple_pricing_table_free' shortcode in all versions up to, and including, 1.0 due to ins... Read more

    Affected Products : pricing_tables
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13581

    The Simple Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simple_chart' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more

    Affected Products : simple_charts
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13579

    The WP-Asambleas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'polls_popup' shortcode in all versions up to, and including, 2.85.0 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products : wp-asambleas
    • Published: Feb. 18, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13578

    The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This ... Read more

    Affected Products : wp-bibtex wp-bibtex
    • Published: Feb. 18, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291737 Results