Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2024-8680

    The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for aut... Read more

    Affected Products : mailchimp
    • Published: Sep. 21, 2024
    • Modified: Sep. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-8770

    A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub... Read more

    Affected Products : enterprise_server
    • Published: Sep. 23, 2024
    • Modified: Sep. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-8664

    The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attacker... Read more

    Affected Products : wp_test_email
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024

  • 6.3

    MEDIUM
    CVE-2024-7888

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in... Read more

    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024

  • 9.9

    CRITICAL
    CVE-2024-6386

    The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it p... Read more

    Affected Products : wpml
    • Published: Aug. 21, 2024
    • Modified: Sep. 27, 2024

  • 8.8

    HIGH
    CVE-2024-7384

    The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and ... Read more

    Affected Products : acymailing
    • Published: Aug. 22, 2024
    • Modified: Sep. 27, 2024

  • 8.8

    HIGH
    CVE-2024-7258

    The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authentica... Read more

    Affected Products : woocommerce_google_feed_manager
    • Published: Aug. 23, 2024
    • Modified: Sep. 27, 2024

  • 4.3

    MEDIUM
    CVE-2024-8432

    The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. This ... Read more

    Affected Products : webba_booking
    • Published: Sep. 24, 2024
    • Modified: Sep. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-8544

    The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. This makes it possible for u... Read more

    Affected Products : pixel_cat
    • Published: Sep. 24, 2024
    • Modified: Sep. 27, 2024

  • 6.4

    MEDIUM
    CVE-2024-8657

    The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes.... Read more

    Affected Products : garden_gnome_package
    • Published: Sep. 24, 2024
    • Modified: Sep. 27, 2024

  • 6.1

    MEDIUM
    CVE-2024-8662

    The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attack... Read more

    Affected Products : koko_analytics
    • Published: Sep. 24, 2024
    • Modified: Sep. 27, 2024

  • 7.2

    HIGH
    CVE-2024-7351

    The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Edi... Read more

    Affected Products : simple_job_board
    • Published: Aug. 24, 2024
    • Modified: Sep. 27, 2024

  • 7.2

    HIGH
    CVE-2022-2446

    The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call... Read more

    Affected Products : wp_editor
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024

  • 6.4

    MEDIUM
    CVE-2024-5869

    The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it... Read more

    Affected Products : neighborly
    • Published: Sep. 13, 2024
    • Modified: Sep. 27, 2024

  • 5.4

    MEDIUM
    CVE-2023-0926

    The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level per... Read more

    Affected Products : custom_permalinks
    • Published: Aug. 24, 2024
    • Modified: Sep. 27, 2024

  • 6.4

    MEDIUM
    CVE-2024-6870

    The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX ... Read more

    Affected Products : responsive_lightbox
    • Published: Aug. 22, 2024
    • Modified: Sep. 27, 2024

  • 6.4

    MEDIUM
    CVE-2024-5583

    The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and ... Read more

    Affected Products : the_plus_addons_for_elementor
    • Published: Aug. 22, 2024
    • Modified: Sep. 27, 2024

  • 9.6

    CRITICAL
    CVE-2024-7568

    The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthen... Read more

    Affected Products : favicon_generator
    • Published: Aug. 24, 2024
    • Modified: Sep. 27, 2024

  • 6.4

    MEDIUM
    CVE-2024-2254

    The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user sup... Read more

    Affected Products : rt_easy_builder
    • Published: Aug. 24, 2024
    • Modified: Sep. 26, 2024

  • 6.1

    MEDIUM
    CVE-2023-6987

    The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unaut... Read more

    Affected Products : string_locator
    • Published: Aug. 24, 2024
    • Modified: Sep. 26, 2024
Showing 20 of 291219 Results