Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2023-23887

    Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0.... Read more

    Affected Products : simple_giveaways
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 5.4

    MEDIUM
    CVE-2023-23886

    Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-RecentComments: from n/a through 2.2.7.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 5.4

    MEDIUM
    CVE-2023-23868

    Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6.... Read more

    Affected Products : cost_of_goods_for_woocommerce
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2023-23834

    Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.... Read more

    Affected Products : spectra
    • Published: Dec. 09, 2024
    • Modified: Mar. 01, 2025

  • 8.8

    HIGH
    CVE-2023-23825

    Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.... Read more

    Affected Products : spectra
    • Published: Dec. 09, 2024
    • Modified: Mar. 01, 2025

  • 4.3

    MEDIUM
    CVE-2023-23823

    Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8.... Read more

    Affected Products : enhanced_text_widget
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 3.8

    LOW
    CVE-2023-23814

    Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 5.4

    MEDIUM
    CVE-2023-23726

    Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0.... Read more

    Affected Products : tickera
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-23725

    Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-23716

    Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n/a through 1.8.4.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 8.8

    HIGH
    CVE-2023-23715

    Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through ... Read more

    Affected Products : jobboardwp
    • Published: Dec. 09, 2024
    • Modified: Feb. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-22708

    Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7.... Read more

    Affected Products : kraken.io_image_optimizer
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 9.8

    CRITICAL
    CVE-2023-22701

    Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.... Read more

    Affected Products : ebook_store
    • Published: Dec. 09, 2024
    • Modified: Feb. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-46901

    Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All ... Read more

    Affected Products : debian_linux subversion
    • Published: Dec. 09, 2024
    • Modified: Jul. 15, 2025

  • 4.3

    MEDIUM
    CVE-2024-12307

    A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in t... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-12306

    Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in l... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-12305

    An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 6.1

    MEDIUM
    CVE-2024-9651

    The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : contact_form
    • Published: Dec. 09, 2024
    • Modified: May. 06, 2025

  • 8.8

    HIGH
    CVE-2024-12360

    A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql injection. The... Read more

    • Published: Dec. 09, 2024
    • Modified: Dec. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-12359

    A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The a... Read more

    Affected Products : admin_dashboard
    • Published: Dec. 09, 2024
    • Modified: Dec. 10, 2024
Showing 20 of 291921 Results