Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-12885

    The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possibl... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 4.3

    MEDIUM
    CVE-2024-12826

    The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This make... Read more

    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 6.4

    MEDIUM
    CVE-2024-12817

    The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 6.4

    MEDIUM
    CVE-2024-12816

    The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied at... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 6.4

    MEDIUM
    CVE-2024-12529

    The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user s... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 6.4

    MEDIUM
    CVE-2024-12512

    The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 4.3

    MEDIUM
    CVE-2024-12113

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions ... Read more

    Affected Products : youzify
    • Published: Jan. 25, 2025
    • Modified: May. 28, 2025

  • 6.1

    MEDIUM
    CVE-2024-12076

    The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resync_carousel(), seek_snapshot(), uploaded_cc(), and ... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 6.4

    MEDIUM
    CVE-2024-11825

    The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘zone’ parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at... Read more

    Affected Products : broadstreet
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 7.2

    HIGH
    CVE-2024-12600

    The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. This makes it possible fo... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 6.4

    MEDIUM
    CVE-2024-10552

    The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘api_key’ and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 8.8

    HIGH
    CVE-2025-0682

    The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and... Read more

    Affected Products : addons
    • Published: Jan. 25, 2025
    • Modified: Aug. 08, 2025

  • 6.4

    MEDIUM
    CVE-2024-13721

    The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possibl... Read more

    Affected Products :
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 7.0

    HIGH
    CVE-2025-0411

    7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target mus... Read more

    Affected Products : 7-zip
    • Actively Exploited
    • Published: Jan. 25, 2025
    • Modified: Feb. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-13709

    The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to re... Read more

    Affected Products : linear
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 9.8

    CRITICAL
    CVE-2025-0357

    The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenti... Read more

    Affected Products : wpbookit wpbookit
    • Published: Jan. 25, 2025
    • Modified: Jun. 27, 2025

  • 5.3

    MEDIUM
    CVE-2025-24361

    Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site... Read more

    Affected Products : nuxt
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 5.3

    MEDIUM
    CVE-2025-24360

    Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the ... Read more

    Affected Products : nuxt
    • Published: Jan. 25, 2025
    • Modified: Jan. 25, 2025

  • 9.8

    CRITICAL
    CVE-2024-50698

    SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025

  • 8.1

    HIGH
    CVE-2024-50697

    In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow.... Read more

    Affected Products : winet-s_firmware winet-s
    • Published: Jan. 24, 2025
    • Modified: May. 29, 2025
Showing 20 of 291132 Results