Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.4

    MEDIUM
    CVE-2024-8282

    The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient i...

    Affected Products : ibtana
    • Published: Oct. 02, 2024
    • Modified: Oct. 07, 2024
  • 7.2

    HIGH
    CVE-2024-44030

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP allows PHP Local File Inclusion. This issue affects Checkout Mestres WP: from n/a through 8.6....

    Affected Products : checkout_mestres_wp
    • Published: Oct. 02, 2024
    • Modified: Oct. 05, 2024
  • 7.5

    HIGH
    CVE-2024-44017

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion. This issue affects MH Board: from n/a through 1.3.2.1....

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
  • 9.1

    CRITICAL
    CVE-2024-35293

    An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS....

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
  • 6.1

    MEDIUM
    CVE-2024-9378

    The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unau...

    Affected Products : yml_for_yandex_market
    • Published: Oct. 02, 2024
    • Modified: Oct. 07, 2024
  • 6.1

    MEDIUM
    CVE-2024-9344

    The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including,...

    Affected Products : berqwp
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9218

    The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the U...

    Affected Products : blockart_blocks magazine_blocks
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9225

    The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible ...

    Affected Products : seopress
    • Published: Oct. 02, 2024
    • Modified: Oct. 07, 2024
  • 6.1

    MEDIUM
    CVE-2024-9222

    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio...

    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-9210

    The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticat...

    Affected Products : mailchimp_top_bar
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-9172

    The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...

    Affected Products : demo_importer_plus
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.4

    MEDIUM
    CVE-2024-8967

    The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible...

    Affected Products : pwa
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.1

    MEDIUM
    CVE-2024-8800

    The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping o...

    Affected Products : rabbitloader
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 6.3

    MEDIUM
    CVE-2024-8254

    The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software a...

    Affected Products : email_subscribers_\&_newsletters
    • Published: Oct. 02, 2024
    • Modified: Oct. 08, 2024
  • 5.3

    MEDIUM
    CVE-2024-9333

    Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation...

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
  • 6.9

    MEDIUM
    CVE-2024-9174

    Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI...

    Affected Products : hubshare
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
  • 7.5

    HIGH
    CVE-2024-7315

    The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups....

    Affected Products : migration\,_backup\,_staging
    • Published: Oct. 02, 2024
    • Modified: May. 16, 2025
  • 8.8

    HIGH
    CVE-2024-7855

    The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with sub...

    Affected Products : wp_hotel_booking
    • Published: Oct. 02, 2024
    • Modified: Feb. 11, 2025
  • 9.8

    CRITICAL
    CVE-2024-45186

    FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials....

    Affected Products :
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024
  • 7.5

    HIGH
    CVE-2024-33662

    Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function....

    Affected Products : portainer
    • Published: Oct. 02, 2024
    • Modified: May. 21, 2025
Showing 20 of 294863 Results