Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2024-49693

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.2.6.... Read more

    Affected Products : mega_elements
    • Published: Oct. 24, 2024
    • Modified: Nov. 08, 2024

  • 6.1

    MEDIUM
    CVE-2024-10332

    A Cross-Site Scripting vulnerability has been found in Janto v4.3r11 from Impronta. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the endpoint “/abonados/public/janto/m... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.4

    MEDIUM
    CVE-2024-10180

    The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's field_group shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.4

    MEDIUM
    CVE-2024-8959

    The WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.3

    HIGH
    CVE-2024-5608

    Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in the technician reports feature.... Read more

    Affected Products : manageengine_adaudit_plus
    • Published: Oct. 24, 2024
    • Modified: Nov. 26, 2024

  • 6.5

    MEDIUM
    CVE-2024-49703

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Event Manager for WooCommerce allows Stored XSS.This issue affects Event Manager for WooCommerce: from n/a through 4.2.5.... Read more

    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 7.6

    HIGH
    CVE-2024-49691

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Woobewoo Product Filter by WBW allows SQL Injection.This issue affects Product Filter by WBW: from n/a through 2.7.0.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 5.3

    MEDIUM
    CVE-2024-49683

    Missing Authorization vulnerability in Schema & Structured Data for WP & AMP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.1

    MEDIUM
    CVE-2024-49682

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership allows Phishing.This issue affects Simple Membership: from n/a through 4.5.3.... Read more

    Affected Products : simple_membership
    • Published: Oct. 24, 2024
    • Modified: Mar. 31, 2025

  • 9.3

    CRITICAL
    CVE-2024-49681

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.5

    MEDIUM
    CVE-2024-9650

    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip’ parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products : wp_recipe_maker
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 6.1

    MEDIUM
    CVE-2024-9214

    The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file in all versions up to, and including, 1.2.133 due to ins... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.8

    HIGH
    CVE-2024-10331

    A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql inje... Read more

    Affected Products : vehicle_record_system
    • Published: Oct. 24, 2024
    • Modified: Nov. 01, 2024

  • 6.4

    MEDIUM
    CVE-2024-10176

    The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 8.7

    HIGH
    CVE-2024-8312

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. An attacker could inject HTML into the Global Search field on a diff view leading to XSS.... Read more

    Affected Products : gitlab
    • Published: Oct. 24, 2024
    • Modified: Dec. 13, 2024

  • 6.5

    MEDIUM
    CVE-2024-6826

    An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a malicious crafted XML manifest file.... Read more

    Affected Products : gitlab
    • Published: Oct. 24, 2024
    • Modified: Dec. 13, 2024

  • 6.1

    MEDIUM
    CVE-2024-8717

    The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and out... Read more

    Affected Products :
    • Published: Oct. 24, 2024
    • Modified: Oct. 25, 2024

  • 4.3

    MEDIUM
    CVE-2024-10050

    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level acce... Read more

    • Published: Oct. 24, 2024
    • Modified: Jan. 29, 2025

  • 6.3

    MEDIUM
    CVE-2024-9943

    The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several func... Read more

    Affected Products : multivendorx
    • Published: Oct. 24, 2024
    • Modified: Jun. 05, 2025

  • 4.3

    MEDIUM
    CVE-2024-9531

    The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, a... Read more

    Affected Products : multivendorx
    • Published: Oct. 24, 2024
    • Modified: Jun. 05, 2025
Showing 20 of 294522 Results