Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2022-4974

    The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _s... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.4

    MEDIUM
    CVE-2024-8921

    The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authe... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.4

    CRITICAL
    CVE-2023-32188

    A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.... Read more

    Affected Products : neuvector
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.1

    MEDIUM
    CVE-2024-9647

    The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.3

    MEDIUM
    CVE-2020-36834

    The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-le... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.1

    MEDIUM
    CVE-2024-9937

    The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for un... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 7.2

    HIGH
    CVE-2019-25214

    The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perf... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-49247

    : Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows : Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.5

    MEDIUM
    CVE-2023-7286

    The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includ... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9105

    The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-9891

    The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and ... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-9649

    The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_a... Read more

    Affected Products : wp_ulike
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.4

    MEDIUM
    CVE-2024-9582

    The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it p... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-9893

    The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible fo... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 5.4

    MEDIUM
    CVE-2024-9888

    The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escap... Read more

    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 6.3

    MEDIUM
    CVE-2020-36833

    The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subs... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2021-4443

    The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be... Read more

    Affected Products :
    • Published: Oct. 16, 2024
    • Modified: Oct. 16, 2024

  • 9.8

    CRITICAL
    CVE-2024-47849

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.... Read more

    Affected Products : cargo
    • Published: Oct. 05, 2024
    • Modified: Oct. 16, 2024

  • 7.5

    HIGH
    CVE-2024-47841

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X b... Read more

    Affected Products : wikimedia-extensions-css
    • Published: Oct. 05, 2024
    • Modified: Oct. 16, 2024

  • 6.5

    MEDIUM
    CVE-2024-47833

    Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in rel... Read more

    Affected Products : taipy
    • Published: Oct. 09, 2024
    • Modified: Oct. 16, 2024
Showing 20 of 294846 Results