Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-11428

    The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization a... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-11424

    The Slick Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slick-sitemap' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attribut... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-11416

    The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the save_option() function. This makes it possible for unauthentica... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-11414

    The RecipePress Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Ingredients in all versions up to, and including, 2.12.0 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-11412

    The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2024-11409

    The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from cs_all_photos_details parameter. This makes it possible for authenticated attackers, wit... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2024-11388

    The Dino Game – Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and ... Read more

    Affected Products : dino_game
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 6.4

    MEDIUM
    CVE-2024-11385

    The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circle_progress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user su... Read more

    Affected Products : pure_css_circle_progress_bar
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-11371

    The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticat... Read more

    Affected Products : theater_for_wordpress theater
    • Published: Nov. 21, 2024
    • Modified: Dec. 16, 2024

  • 6.1

    MEDIUM
    CVE-2024-11370

    The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenti... Read more

    Affected Products : subaccounts_for_woocommerce
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-11365

    The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This mak... Read more

    Affected Products : crypto_and_defi_widgets
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-11360

    The Page Parts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attacker... Read more

    Affected Products : page_parts
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 4.3

    MEDIUM
    CVE-2024-11354

    The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possib... Read more

    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 5.3

    MEDIUM
    CVE-2024-11334

    The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers t... Read more

    Affected Products : my_contador_lesr
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 9.8

    CRITICAL
    CVE-2024-11320

    Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4... Read more

    Affected Products : pandora_fms
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 4.2

    MEDIUM
    CVE-2024-11197

    The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attacke... Read more

    Affected Products : lock_user_account
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2024-10898

    The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes it possible for authenticated attackers, with Contribut... Read more

    Affected Products : contact_form_7_email_add_on
    • Published: Nov. 21, 2024
    • Modified: Nov. 26, 2024

  • 6.1

    MEDIUM
    CVE-2024-10890

    The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it p... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-10796

    The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included. This mak... Read more

    Affected Products : dynamic_content_personalization
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2024-10792

    The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and out... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291269 Results