Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.3 HIGH
CVE-2025-69378 — WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerabi…

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a throug…

product_filter | Remote | Authorization
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
7.7 HIGH
CVE-2025-69377 — WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fie…

user_extra_fields | Remote | Path Traversal
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
8.6 HIGH
CVE-2025-69376 — WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fie…

user_extra_fields | Remote | Path Traversal
Feb 20, 2026 Feb 26, 2026
Feb 20, 2026
Feb 26, 2026
8.1 HIGH
CVE-2025-69375 — WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This …

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.1 HIGH
CVE-2025-69374 — WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclu…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Loca…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.5 HIGH
CVE-2025-69373 — WordPress VidoRev theme <= 2.9.9.9.9.9.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects …

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2025-69372 — WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through <= 1.6.2.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2025-69371 — WordPress KindlyCare theme <= 1.6.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection.This issue affects KindlyCare: from n/a through <= 1.6.1.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2025-69370 — WordPress Capella theme <= 2.5.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection.This issue affects Capella: from n/a through <= 2.5.5.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.1 HIGH
CVE-2025-69368 — WordPress SOHO - Photography WordPress Theme theme <= 3.0.3 - Cross Site Scripting (XSS) …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - …

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.1 HIGH
CVE-2025-69367 — WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oys…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
9.3 CRITICAL
CVE-2025-69366 — WordPress Emerce Core plugin <= 1.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Emerce Core emerce-core allows Blind SQL Injection.This issue affects Emerce Core: f…

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.3 CRITICAL
CVE-2025-69365 — WordPress Uroan Core plugin <= 1.4.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Uroan Core uroan-core allows Blind SQL Injection.This issue affects Uroan Core: from…

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.3 CRITICAL
CVE-2025-69337 — WordPress Wolmart Core plugin <= 1.9.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Injection.This issue affects Wolmart Core: …

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.1 HIGH
CVE-2025-69330 — WordPress Prestige theme < 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Prestige prestige allows Reflected XSS.This issue affects Prestige: from n/a through < 1.…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
9.8 CRITICAL
CVE-2025-69329 — WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.8 HIGH
CVE-2025-69328 — WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental M…

booking_\&_rental_manager | Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.1 HIGH
CVE-2025-69326 — WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-For…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
5.3 MEDIUM
CVE-2025-69325 — WordPress Primer MyData for Woocommerce plugin <= 4.2.8 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.1 HIGH
CVE-2025-69324 — WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms:…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
Showing 20 of 5067 Results