Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-12501

    The Simple Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-12474

    The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output esc... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-12459

    The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attr... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.1

    MEDIUM
    CVE-2024-12422

    The Import Eventbrite Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for u... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-11752

    The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 4.3

    MEDIUM
    CVE-2024-10690

    The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it poss... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 7.2

    HIGH
    CVE-2024-10646

    The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient in... Read more

    Affected Products : contact_form
    • Published: Dec. 14, 2024
    • Modified: Feb. 06, 2025

  • 7.2

    HIGH
    CVE-2024-9698

    The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attack... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 5.3

    MEDIUM
    CVE-2024-12578

    The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensi... Read more

    Affected Products : tickera
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.1

    MEDIUM
    CVE-2024-12555

    The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious ... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-12523

    The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-12517

    The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products : woo_cart_count_shortcode
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-12502

    The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-landing' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user suppl... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-12458

    The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attri... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-12448

    The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping ... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 4.3

    MEDIUM
    CVE-2024-12447

    The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.1

    MEDIUM
    CVE-2024-12411

    The WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and ... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-11894

    The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-11889

    The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user suppli... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024

  • 6.4

    MEDIUM
    CVE-2024-11888

    The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ider_login_button' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products :
    • Published: Dec. 14, 2024
    • Modified: Dec. 14, 2024
Showing 20 of 292714 Results