Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2024-10646

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient in...

    Affected Products : contact_form
    • Published: Dec. 14, 2024
    • Modified: Feb. 06, 2025
  • 7.2

    HIGH
    CVE-2024-9698

    The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attack...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 5.3

    MEDIUM
    CVE-2024-12578

    The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensi...

    Affected Products : tickera
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.1

    MEDIUM
    CVE-2024-12555

    The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious ...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-12523

    The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes....

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-12517

    The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user ...

    Affected Products : woo_cart_count_shortcode
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-12502

    The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-landing' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user suppl...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-12458

    The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attri...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-12448

    The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping ...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 4.3

    MEDIUM
    CVE-2024-12447

    The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.1

    MEDIUM
    CVE-2024-12411

    The WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and ...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11894

    The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11889

    The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user suppli...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11888

    The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ider_login_button' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supp...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11884

    The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode in all versions up to, and including, 8.1 due to insufficient input sanitization and output escaping on user supplie...

    Affected Products : wp_photo_text_slider_50
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11883

    The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11877

    The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied att...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11876

    The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum_opensky' shortcode in all versions up to, and including, 1.6.9 due to insuffici...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11873

    The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied att...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
  • 6.4

    MEDIUM
    CVE-2024-11869

    The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
Showing 20 of 292628 Results