Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2025-12643

    The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphali_liqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supp... Read more

    Affected Products :
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12652

    The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prefillvalues' parameter in the ungapped-form shortcode in all versions up to, and including, 1. This is due to insufficient input sanitization and output esca... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12658

    The Preload Current Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'complete' parameter in the 'preload_progress_bar' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12662

    The Coon Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in the 'map' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11829

    The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'toolbar' attribute of the [five9-chat] shortcode in all versions up to, and including, 1.1.2. This is due to insufficient input sanitization and output escaping... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11859

    The Paypal Donation Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in all versions up to, and including, 0.1. This is due to the plugin not properly sanitizing user input and output of the 'title' an... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11860

    The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ottwitter_feed' shortcode in all versions up to, and including, 1.3.1. This is due to the plugin not properly sanitizing user input and output of the 'width' and '... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11873

    The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11856

    The Eventbee Ticketing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventbeeticketwidget' shortcode in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input and output of ... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11821

    The Woocommerce – Products By Custom Tax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'woo_products_custom_tax' shortcode in all versions up to, and including, 2.2. This is due to insufficient input sanitization and output esc... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11828

    The Magazine Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headerHtmlTag' attribute in the bnm-blocks/featured-posts-1 block in all versions up to, and including, 1.2.3. This is due to insufficient input sanitization... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11129

    The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api' and 'type' parameters in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it pos... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11805

    The Skip to Timestamp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skipto' shortcode in all versions up to, and including, 1.4.4. This is due to insufficient input sanitization and output escaping on the 'time' attribute. Thi... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11869

    The Precise Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `wrap_id` shortcode attribute in all versions up to, and including, 1.0. This is due to the plugin not properly sanitizing user input or escaping output when ins... Read more

    Affected Products :
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12583

    The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_neofix_sdl_edit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This mak... Read more

    Affected Products : simple_downloads_list
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-10295

    The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This m... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-8397

    The Save as PDF Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's restpackpdfbutton shortcode in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied a... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-11769

    The WordPress Content Flipper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bgcolor' shortcode attribute of the 'flipper_front' shortcode in all versions up to, and including, 0.1. This is due to insufficient input sanitizatio... Read more

    Affected Products :
    • Published: Nov. 13, 2025
    • Modified: Nov. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-12837

    The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. Th... Read more

    Affected Products : athemes_addons_for_elementor
    • Published: Nov. 08, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-9055

    The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account.... Read more

    Affected Products : axis_os
    • Published: Nov. 11, 2025
    • Modified: Nov. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 3667 Results