Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-10797

    The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This make... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 8.8

    HIGH
    CVE-2024-12771

    The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' f... Read more

    Affected Products : ecommerce_product_catalog
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 7.2

    HIGH
    CVE-2024-12721

    The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authentic... Read more

    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-12697

    The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev... Read more

    Affected Products : real.kit
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.5

    MEDIUM
    CVE-2024-12635

    The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin... Read more

    Affected Products : wp_docs
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-12262

    The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat... Read more

    Affected Products : ebook_store
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 8.8

    HIGH
    CVE-2024-12066

    The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated atta... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-11975

    The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes i... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-11938

    The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cro... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-11682

    The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-11287

    The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers... Read more

    Affected Products : ebook_store
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-11196

    The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attrib... Read more

    Affected Products : multi-column_tag_map
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 7.3

    HIGH
    CVE-2024-11977

    The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not pr... Read more

    Affected Products : kk_star_ratings
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-11607

    The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more

    Affected Products : gtpayment_donations
    • Published: Dec. 21, 2024
    • Modified: May. 14, 2025

  • 6.9

    MEDIUM
    CVE-2024-12846

    A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. T... Read more

    Affected Products : emlog
    • Published: Dec. 21, 2024
    • Modified: Jan. 10, 2025

  • 9.8

    CRITICAL
    CVE-2024-11349

    The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() f... Read more

    Affected Products : adforest
    • Published: Dec. 21, 2024
    • Modified: Aug. 12, 2025

  • 5.3

    MEDIUM
    CVE-2023-31280

    An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the w... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 8.1

    HIGH
    CVE-2023-31279

    The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This coul... Read more

    Affected Products :
    • Published: Dec. 21, 2024
    • Modified: Dec. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-11811

    The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization ... Read more

    Affected Products : web_push_notifications
    • Published: Dec. 20, 2024
    • Modified: Dec. 20, 2024

  • 6.1

    MEDIUM
    CVE-2024-12845

    A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack... Read more

    Affected Products : emlog
    • Published: Dec. 20, 2024
    • Modified: Jan. 07, 2025
Showing 20 of 293513 Results