Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2024-57970

    libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.... Read more

    Affected Products : libarchive
    • Published: Feb. 16, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Memory Corruption

  • 4.8

    MEDIUM
    CVE-2025-1332

    A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html#/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attac... Read more

    Affected Products : fastcms fastcms
    • Published: Feb. 16, 2025
    • Modified: Feb. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 10.0

    CRITICAL
    CVE-2025-26793

    The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configura... Read more

    Affected Products :
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authentication

  • 5.4

    MEDIUM
    CVE-2024-13834

    The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This m... Read more

    Affected Products : responsive_addons
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-0822

    Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbit... Read more

    Affected Products : bit_assist
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2024-13500

    The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.6.17 due to insuf... Read more

    Affected Products : wp_project_manager
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 7.5

    HIGH
    CVE-2024-13488

    The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack... Read more

    Affected Products : ltl_freight_quotes
    • Published: Feb. 15, 2025
    • Modified: Feb. 28, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2024-13439

    The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers,... Read more

    Affected Products : team
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-10581

    The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possib... Read more

    Affected Products : directorypress
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.4

    MEDIUM
    CVE-2025-1005

    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products : elementskit_elementor_addons
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-13752

    The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versi... Read more

    Affected Products : wp_project_manager
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Denial of Service

  • 9.8

    CRITICAL
    CVE-2024-12562

    The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthentica... Read more

    Affected Products : s2member
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-22209

    A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.... Read more

    Affected Products : js_jobs
    • Published: Feb. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-22208

    A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.... Read more

    Affected Products : js_jobs
    • Published: Feb. 15, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-0935

    The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, ... Read more

    Affected Products : media_library_folders
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2024-13563

    The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products : front_end_users
    • Published: Feb. 15, 2025
    • Modified: Feb. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-13525

    The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level acce... Read more

    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Information Disclosure

  • 9.8

    CRITICAL
    CVE-2024-13513

    The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to ex... Read more

    Affected Products : oliver_pos
    • Published: Feb. 15, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2024-13306

    The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_... Read more

    Affected Products : wp_google_map
    • Published: Feb. 15, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2024-13208

    The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_... Read more

    Affected Products : wp_google_map
    • Published: Feb. 15, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292850 Results