Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2024-9669

    The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level a...

    Affected Products : filester
    • Published: Nov. 28, 2024
    • Modified: Feb. 26, 2025
  • 8.8

    HIGH
    CVE-2024-8066

    The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subs...

    Affected Products : filester
    • Published: Nov. 28, 2024
    • Modified: Feb. 26, 2025
  • 6.4

    MEDIUM
    CVE-2024-11788

    The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-youtube-embed' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on...

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 6.4

    MEDIUM
    CVE-2024-11786

    The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on...

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 6.4

    MEDIUM
    CVE-2024-11761

    The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'legalweb-popup' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attrib...

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 6.1

    MEDIUM
    CVE-2024-11685

    The `Kudos Donations – Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. Thi...

    Affected Products : kudos_donations
    • Published: Nov. 28, 2024
    • Modified: Jul. 16, 2025
  • 6.1

    MEDIUM
    CVE-2024-11684

    The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping...

    Affected Products : kudos_donations
    • Published: Nov. 28, 2024
    • Modified: Jul. 14, 2025
  • 6.1

    MEDIUM
    CVE-2024-11458

    The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for una...

    Affected Products : faq_builder
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 6.4

    MEDIUM
    CVE-2024-11431

    The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ragic' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This...

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 6.1

    MEDIUM
    CVE-2024-11366

    The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenti...

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 6.4

    MEDIUM
    CVE-2024-11333

    The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. T...

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 6.4

    MEDIUM
    CVE-2024-11203

    The EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'provider_name' parameter in all...

    Affected Products : embedpress
    • Published: Nov. 28, 2024
    • Modified: Apr. 11, 2025
  • 8.8

    HIGH
    CVE-2024-36466

    A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions....

    Affected Products : zabbix
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 9.8

    CRITICAL
    CVE-2024-11925

    The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a user's identity when verifying an email address through the user_account_a...

    Affected Products : jobsearch_wp_job_board
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 4.3

    MEDIUM
    CVE-2024-11918

    The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.0.0. This makes ...

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
  • 5.4

    MEDIUM
    CVE-2024-10896

    The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting...

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025
  • 4.8

    MEDIUM
    CVE-2024-10510

    The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilte...

    Affected Products : adbuddy\+_\(adblocker_detection\)
    • Published: Nov. 28, 2024
    • Modified: Jun. 09, 2025
  • 5.4

    MEDIUM
    CVE-2024-10493

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is...

    Affected Products : element_pack
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025
  • 5.4

    MEDIUM
    CVE-2024-10473

    The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is embedded, which could allow users with a role as low as Author to perform Cross-Site Scripti...

    Affected Products : gs_logo_slider logo_slider logo_slider
    • Published: Nov. 28, 2024
    • Modified: May. 15, 2025
  • 2.4

    LOW
    CVE-2024-46939

    The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files...

    Affected Products :
    • Published: Nov. 28, 2024
    • Modified: Nov. 28, 2024
Showing 20 of 291401 Results