Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-12415

    The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before ru... Read more

    Affected Products : infographic_maker
    • Published: Jan. 31, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 9.1

    CRITICAL
    CVE-2024-12267

    The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.... Read more

    • Published: Jan. 31, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Path Traversal

  • 6.4

    MEDIUM
    CVE-2024-12037

    The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bf_new_submission_link' shortcode in all versions up... Read more

    Affected Products : buddyforms
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025

  • 7.3

    HIGH
    CVE-2024-13472

    The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value... Read more

    Affected Products : woocommerce_product_table
    • Published: Jan. 31, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-24749

    Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-24718

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows Reflected XSS. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.1... Read more

    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24710

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook allows Reflected XSS. This issue affects Gwolle Guestbook: from n/a through 4.7.1.... Read more

    Affected Products : gwolle_guestbook
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24686

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 6.0.3.3.... Read more

    Affected Products : registrationmagic
    • Published: Jan. 31, 2025
    • Modified: Feb. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24635

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Reflected XSS. This issue affects Paytm Payment Donation: from n/a through 2.3.1.... Read more

    Affected Products : paytm_payment_donation
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24632

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce allows Reflected XSS. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.... Read more

    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24609

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PortOne PORTONE 우커머스 결제 allows Reflected XSS. This issue affects PORTONE 우커머스 결제: from n/a through 3.2.4.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24608

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Mail Queue allows Reflected XSS. This issue affects GD Mail Queue: from n/a through 4.3.... Read more

    Affected Products : gd_mail_queue
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-24597

    Insertion of Sensitive Information Into Sent Data vulnerability in UkrSolution Barcode Generator for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-24563

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGlow Cleanup – Directory Listing & Classifieds WordPress Plugin allows Reflected XSS. This issue affects Cleanup – Directory Listing & Classifieds W... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24560

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Awesome TOGI Awesome Event Booking allows Reflected XSS. This issue affects Awesome Event Booking: from n/a through 2.7.1.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24551

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OneTeamSoftware Radio Buttons and Swatches for WooCommerce allows Reflected XSS. This issue affects Radio Buttons and Swatches for WooCommerce: from n/a ... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24549

    Cross-Site Request Forgery (CSRF) vulnerability in Mahbubur Rahman Post Meta allows Reflected XSS. This issue affects Post Meta: from n/a through 1.0.9.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-24535

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Donation allows Reflected XSS. This issue affects SKT Donation: from n/a through 1.9.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-24534

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emili Castells DPortfolio allows Reflected XSS. This issue affects DPortfolio: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-23990

    Cross-Site Request Forgery (CSRF) vulnerability in jablonczay Scroll Styler. This issue affects Scroll Styler: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jan. 31, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291222 Results