Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.3

    MEDIUM
    CVE-2025-0939

    The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscr...

    Affected Products : magicform
    • Published: Feb. 01, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authorization
  • 6.5

    MEDIUM
    CVE-2024-13341

    The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and l...

    Affected Products : multiloca
    • Published: Feb. 01, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Injection
  • 6.4

    MEDIUM
    CVE-2024-11829

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including,...

    Affected Products : the_plus_addons_for_elementor
    • Published: Feb. 01, 2025
    • Modified: Feb. 04, 2025
  • 8.8

    HIGH
    CVE-2025-0366

    The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level acces...

    Affected Products : jupiter_x_core
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal
  • 6.5

    MEDIUM
    CVE-2025-0365

    The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the c...

    Affected Products : jupiter_x_core
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Path Traversal
  • 5.4

    MEDIUM
    CVE-2024-13099

    The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

    Affected Products : widget4call
    • Published: Feb. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2024-13098

    The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

    Affected Products : wordpress_email_newsletter
    • Published: Feb. 01, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.4

    MEDIUM
    CVE-2024-13097

    The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin....

    Affected Products : wp_finance
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 4.6

    MEDIUM
    CVE-2024-13096

    The WP Finance WordPress plugin through 1.3.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack....

    Affected Products : wp_finance
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2024-12768

    The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored ...

    Affected Products : responsive_iframe
    • Published: Feb. 01, 2025
    • Modified: May. 12, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2024-12041

    The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the /wp-json/directorist/v1/users/ endpoint. This make...

    Affected Products : directorist
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Information Disclosure
  • 7.8

    HIGH
    CVE-2024-53295

    Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local malicious user with low privileges could potentially exploit this vulnerability leading to escalation of privilege....

    Affected Products : data_domain_operating_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Authorization
  • 4.9

    MEDIUM
    CVE-2024-53296

    Dell PowerProtect DD versions prior to 7.10.1.50 and 7.13.1.20 contain a Stack-based Buffer Overflow vulnerability in the RestAPI. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service....

    Affected Products : data_domain_operating_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Denial of Service
  • 7.1

    HIGH
    CVE-2024-51534

    Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low-privileged attacker could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server files...

    Affected Products : data_domain_operating_system
    • Published: Feb. 01, 2025
    • Modified: Feb. 07, 2025
    • Vuln Type: Path Traversal
  • 4.3

    MEDIUM
    CVE-2024-13651

    The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possib...

    • Published: Feb. 01, 2025
    • Modified: Feb. 21, 2025
    • Vuln Type: Authorization
  • 6.4

    MEDIUM
    CVE-2024-13547

    The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possib...

    Affected Products : athemes_addons_for_elementor
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-13343

    The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated att...

    Affected Products : woocommerce_customers_manager
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2024-12620

    The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, ...

    Affected Products : animategl_animations
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2024-12184

    The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it pos...

    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2024-12171

    The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it poss...

    Affected Products : wsdesk
    • Published: Feb. 01, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization
Showing 20 of 291385 Results