Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2024-9703

    The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attribute... Read more

    Affected Products : arconix_shortcodes
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.1

    MEDIUM
    CVE-2024-9206

    The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unau... Read more

    Affected Products : mas_companies_for_wp_job_manager
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.4

    MEDIUM
    CVE-2024-47793

    Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser o... Read more

    Affected Products : exment
    • Published: Oct. 18, 2024
    • Modified: Oct. 21, 2024

  • 3.8

    LOW
    CVE-2024-46897

    Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. A logged-in user with the permission of table management may obtain and/or alter the information of the unauthorized table.... Read more

    Affected Products : exment
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 5.3

    MEDIUM
    CVE-2024-38820

    The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.... Read more

    Affected Products : spring_framework
    • Published: Oct. 18, 2024
    • Modified: Nov. 29, 2024

  • 4.8

    MEDIUM
    CVE-2024-9892

    The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more

    Affected Products : add_widget_after_content
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9848

    The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenti... Read more

    Affected Products : product_customizer_light
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9452

    The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w... Read more

    Affected Products : branding
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.1

    MEDIUM
    CVE-2024-9383

    The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat... Read more

    Affected Products : parcel_pro
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.1

    MEDIUM
    CVE-2024-9382

    The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    Affected Products : gantry
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9373

    The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,... Read more

    Affected Products : elemenda
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 6.4

    MEDIUM
    CVE-2024-9366

    The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products : easy_menu_manager
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 4.3

    MEDIUM
    CVE-2024-9364

    The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attac... Read more

    Affected Products : sendgrid
    • Published: Oct. 18, 2024
    • Modified: Oct. 22, 2024

  • 4.3

    MEDIUM
    CVE-2024-9361

    The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0... Read more

    Affected Products : bulk_images_optimizer
    • Published: Oct. 18, 2024
    • Modified: Nov. 01, 2024

  • 6.1

    MEDIUM
    CVE-2024-9350

    The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible f... Read more

    Affected Products : dpd_baltic_shipping
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 6.4

    MEDIUM
    CVE-2024-8916

    The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more

    Affected Products : suki_sites_import
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-8790

    The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthe... Read more

    Affected Products : social_share_with_floating_bar
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 6.1

    MEDIUM
    CVE-2024-8740

    The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthe... Read more

    Affected Products : getresponse_forms
    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024

  • 9.8

    CRITICAL
    CVE-2024-10119

    The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.... Read more

    Affected Products : wrtm326_firmware wrtm326
    • Published: Oct. 18, 2024
    • Modified: Nov. 01, 2024

  • 6.1

    MEDIUM
    CVE-2024-10049

    The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for... Read more

    • Published: Oct. 18, 2024
    • Modified: Oct. 29, 2024
Showing 20 of 294737 Results