Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-54315

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.2.... Read more

    Affected Products : events_addon_for_elementor
    • Published: Dec. 13, 2024
    • Modified: Apr. 11, 2025

  • 6.5

    MEDIUM
    CVE-2024-54314

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.6.0.... Read more

    Affected Products : primary_addon_for_elementor
    • Published: Dec. 13, 2024
    • Modified: Apr. 11, 2025

  • 6.5

    MEDIUM
    CVE-2024-54313

    Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25.... Read more

    Affected Products : full_-_customer
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54312

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ووکامرس فارسی Persian Woocommerce SMS allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through 7.0.5.... Read more

    Affected Products : persian_woocommerce_sms
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2024-54311

    Missing Authorization vulnerability in i.lychkov Mark New Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through 7.5.1.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.3

    MEDIUM
    CVE-2024-54310

    Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Gou Manage My Account Menu: from n/a through 1.0.1.8.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-54309

    Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 5.9

    MEDIUM
    CVE-2024-54308

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.today Cryptocurrency Price Widget allows Stored XSS.This issue affects Cryptocurrency Price Widget: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-54307

    Cross-Site Request Forgery (CSRF) vulnerability in AIpost AIcomments allows Cross Site Request Forgery.This issue affects AIcomments: from n/a through 1.4.1.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-54306

    Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through 1.6.2... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54305

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woocs J&T Express Malaysia allows Reflected XSS.This issue affects J&T Express Malaysia: from n/a through 2.0.13.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 8.5

    HIGH
    CVE-2024-54304

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support – WordPress Help Desk allows SQL Injection.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54303

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky / yalla ya! Simple Payment allows Reflected XSS.This issue affects Simple Payment: from n/a through 2.3.7.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54302

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Reflected XSS.This issue affects VForm: from n/a through 3.0.0.... Read more

    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54301

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.6.... Read more

    Affected Products : formfacade
    • Published: Dec. 13, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-54300

    Cross-Site Request Forgery (CSRF) vulnerability in Neuralabz LTD. AutoWP allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through 2.0.8.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 7.1

    HIGH
    CVE-2024-54299

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revi Revi.io allows Reflected XSS.This issue affects Revi.io: from n/a through 5.7.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2024-54298

    Missing Authorization vulnerability in Bill Minozzi Car Dealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through 4.46.... Read more

    Affected Products : car_dealer
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-54297

    Authentication Bypass Using an Alternate Path or Channel vulnerability in www.vbsso.com vBSSO-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through 1.4.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.8

    CRITICAL
    CVE-2024-54296

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
Showing 20 of 292714 Results