Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2024-49272

    Cross-Site Request Forgery (CSRF) vulnerability in WPWeb Social Auto Poster allows Cross Site Request Forgery.This issue affects Social Auto Poster: from n/a through 5.3.15.... Read more

    Affected Products : social_auto_poster
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49250

    Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery.This issue affects Table of Contents Plus: from n/a through 2408.... Read more

    Affected Products : table_of_contents_plus
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 9.8

    CRITICAL
    CVE-2024-47634

    Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a thr... Read more

    Affected Products : cartbounty
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 7.1

    HIGH
    CVE-2024-49629

    Cross-Site Request Forgery (CSRF) vulnerability in Fahad Mahmood Endless Posts Navigation allows Stored XSS.This issue affects Endless Posts Navigation: from n/a through 2.2.7.... Read more

    Affected Products : endless_posts_navigation
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49620

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Naudin Vladimir FERMA.Ru.Net allows Blind SQL Injection.This issue affects FERMA.Ru.Net: from n/a through 1.3.3.... Read more

    Affected Products : ferma.ru.net
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49619

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through 1.1.0.... Read more

    Affected Products : social_link_groups
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49618

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through 1.1.1.... Read more

    Affected Products : mytweetlinks
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49617

    Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Back Link Tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through 1.0.0.... Read more

    Affected Products : back_link_tracker
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49616

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nyasro Rate Own Post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through 1.0.... Read more

    Affected Products : rate_own_post
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49615

    Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through 1.0.0.... Read more

    Affected Products : safetyforms
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49614

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dan Alexander SermonAudio Widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through 1.9.3.... Read more

    Affected Products : sermonaudio_widgets
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49613

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lodel Geraldo Simple Code Insert Shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through 1.0.... Read more

    Affected Products : simple_code_insert_shortcode
    • Published: Oct. 20, 2024
    • Modified: Oct. 22, 2024

  • 8.8

    HIGH
    CVE-2024-49612

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through 1.0.... Read more

    Affected Products : sw_contact_form
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 8.8

    HIGH
    CVE-2024-49609

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through 0.2.2.... Read more

    Affected Products : author_discussion
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 7.1

    HIGH
    CVE-2024-49605

    Cross-Site Request Forgery (CSRF) vulnerability in Avchat.Net AVChat Video Chat allows Stored XSS.This issue affects AVChat Video Chat: from n/a through 2.2.... Read more

    Affected Products : avchat_video_chat
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 7.1

    HIGH
    CVE-2024-49335

    Cross-Site Request Forgery (CSRF) vulnerability in Edush Maxim GoogleDrive folder list allows Stored XSS.This issue affects GoogleDrive folder list: from n/a through 2.2.2.... Read more

    Affected Products : googledrive_folder_list
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 8.8

    HIGH
    CVE-2024-47325

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7.... Read more

    Affected Products : multiple_page_generator
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 7.1

    HIGH
    CVE-2024-44061

    : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14.... Read more

    • Published: Oct. 20, 2024
    • Modified: Oct. 25, 2024

  • 9.8

    CRITICAL
    CVE-2024-49625

    Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.... Read more

    Affected Products : sitebuilder_dynamic_components
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 9.8

    CRITICAL
    CVE-2024-49624

    Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1.... Read more

    Affected Products : advanced_advertising_system
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024
Showing 20 of 294754 Results