Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (listed in the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.1

    HIGH
    CVE-2024-54209

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS. This issue affects Awesome Shortcodes: from n/a through 1.7.2.

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 7.1

    HIGH
    CVE-2024-54208

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller allows Reflected XSS. This issue affects Block Controller: from n/a through 1.4.2.

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 5.9

    MEDIUM
    CVE-2024-54207

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS. This issue affects WordPress Auction Plugin: from n/a through 3.7.

    Affected Products : wordpress_auction
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 5.9

    MEDIUM
    CVE-2024-54206

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads allows Stored XSS. This issue affects Z-Downloads: from n/a through 1.11.7.

    Affected Products : z-downloads
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 7.1

    HIGH
    CVE-2024-54205

    Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery. This issue affects Paloma Widget: from n/a through 1.14.

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 5.3

    MEDIUM
    CVE-2024-53826

    Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPCasa: from n/a through 1.2.13.

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 7.2

    HIGH
    CVE-2024-53825

    Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.3.2.

    Affected Products : filebird
    • Published: Dec. 06, 2024
    • Modified: Apr. 15, 2025
  • 7.5

    HIGH
    CVE-2024-53824

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion. This issue affects All Bootstrap Blocks: from n/a through 1.3.19.

    Affected Products : all_bootstrap_blocks
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 6.5

    MEDIUM
    CVE-2024-53823

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/...

    Affected Products : the_plus_addons_for_elementor
    • Published: Dec. 06, 2024
    • Modified: Feb. 11, 2025
  • 7.1

    HIGH
    CVE-2024-53821

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Pie Register Premium allows Reflected XSS. This issue affects Pie Register Premium: from n/a before 3.8.3.3.

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 09, 2024
  • 6.5

    MEDIUM
    CVE-2024-53820

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS. This issue affects Captivate Sync: from n/a through 2.0.22.

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 7.6

    HIGH
    CVE-2024-53817

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection. This issue affects Product Labels For Woocommerce: from n/a through 1.5.8.

    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 8.5

    HIGH
    CVE-2024-53815

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection. This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1.

    Affected Products : pinpoint_booking_system
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 6.5

    MEDIUM
    CVE-2024-53813

    Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through 9.6.0.

    Affected Products : wp_travel
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 7.1

    HIGH
    CVE-2024-53812

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS. This issue affects WP GeoNames: from n/a through 1.8.

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 6.6

    MEDIUM
    CVE-2024-53811

    Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server. This issue affects WDesignkit: from n/a through 1.0.40.

    Affected Products :
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 9.1

    CRITICAL
    CVE-2024-53810

    Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Simple User Registration: from n/a through 5.5.

    Affected Products : simple_user_registration
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 4.3

    MEDIUM
    CVE-2024-53809

    Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.4.1.

    Affected Products : namaste\!_lms
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024
  • 8.5

    HIGH
    CVE-2024-53808

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8.

    Affected Products : nex-forms
    • Published: Dec. 06, 2024
    • Modified: Jan. 22, 2025
  • 9.8

    CRITICAL
    CVE-2024-53807

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection. This issue affects WP Mailster: from n/a through 1.8.16.0.

    Affected Products : wp_mailster
    • Published: Dec. 06, 2024
    • Modified: Feb. 07, 2025
Showing 20 of 291902 Results