Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-13377

    The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alt’ parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.4

    HIGH
    CVE-2024-12476

    CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is i... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: XML External Entity

  • 7.1

    HIGH
    CVE-2024-12399

    CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Misconfiguration

  • 5.3

    MEDIUM
    CVE-2024-12370

    The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms... Read more

    Affected Products : wp_hotel_booking
    • Published: Jan. 17, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 8.7

    HIGH
    CVE-2024-11425

    CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Denial of Service

  • 4.6

    MEDIUM
    CVE-2024-11139

    CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Memory Corruption

  • 6.4

    MEDIUM
    CVE-2024-13386

    The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-13367

    The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level acce... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2024-13366

    The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated att... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2024-12637

    The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Information Disclosure

  • 6.4

    MEDIUM
    CVE-2024-12598

    The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-12508

    The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2024-12466

    The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti... Read more

    Affected Products : proofreading
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.4

    MEDIUM
    CVE-2024-12203

    The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_color’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2024-13333

    The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subsc... Read more

    Affected Products : advanced_file_manager
    • Published: Jan. 17, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Authentication

  • 6.3

    MEDIUM
    CVE-2024-11146

    TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version ... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Feb. 20, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2024-10799

    The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, ... Read more

    Affected Products : eventer eventer
    • Published: Jan. 17, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2024-13434

    The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for un... Read more

    Affected Products : wp_inventory_manager
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13401

    The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on us... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2024-13398

    The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products : checkout_for_paypal
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 291209 Results