Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2024-9519

    The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with ed... Read more

    Affected Products : userplus
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 9.8

    CRITICAL
    CVE-2024-9518

    The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated at... Read more

    Affected Products : userplus
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9457

    The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker... Read more

    Affected Products : wp_builder
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9377

    The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.... Read more

    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-9205

    The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible ... Read more

    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9072

    The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible... Read more

    Affected Products : consent_manager
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9066

    The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authen... Read more

    Affected Products : marketing_and_seo_booster
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 5.3

    MEDIUM
    CVE-2024-9065

    The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticat... Read more

    Affected Products : wp_helper_premium
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9064

    The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate... Read more

    Affected Products : elementor_inline_svg
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-9057

    The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘feed_id’ attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output... Read more

    Affected Products : curator.io
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.4

    MEDIUM
    CVE-2024-8987

    The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due t... Read more

    Affected Products : youzify
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.1

    MEDIUM
    CVE-2024-8729

    The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthentica... Read more

    Affected Products : easy_social_share_buttons
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 5.3

    MEDIUM
    CVE-2024-8513

    The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to... Read more

    Affected Products : qa_analytics
    • Published: Oct. 10, 2024
    • Modified: Oct. 15, 2024

  • 6.3

    MEDIUM
    CVE-2024-7048

    In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a highe... Read more

    Affected Products : open_webui
    • Published: Oct. 10, 2024
    • Modified: Jul. 29, 2025

  • 7.8

    HIGH
    CVE-2024-48958

    execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.... Read more

    Affected Products : libarchive
    • Published: Oct. 10, 2024
    • Modified: Aug. 29, 2025

  • 7.8

    HIGH
    CVE-2024-48957

    execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.... Read more

    Affected Products : libarchive
    • Published: Oct. 10, 2024
    • Modified: Aug. 29, 2025

  • 9.1

    CRITICAL
    CVE-2024-48949

    The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.... Read more

    Affected Products : elliptic elliptic
    • Published: Oct. 10, 2024
    • Modified: Mar. 25, 2025

  • 9.1

    CRITICAL
    CVE-2024-48942

    The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are val... Read more

    Affected Products : secure_login
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 9.1

    CRITICAL
    CVE-2024-48941

    The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted.... Read more

    Affected Products : secure_login
    • Published: Oct. 10, 2024
    • Modified: Oct. 11, 2024

  • 5.5

    MEDIUM
    CVE-2024-8264

    Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.... Read more

    Affected Products : robot_schedule
    • Published: Oct. 09, 2024
    • Modified: Oct. 17, 2024
Showing 20 of 294853 Results