Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable

Score

Vulnerability

Published

6.4 MEDIUM

CVE-2026-1573 — OMIGO <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input saniti…

Remote | Cross-Site Scripting

Feb 07, 2026 Feb 09, 2026

Feb 07, 2026

Feb 09, 2026

6.4 MEDIUM

CVE-2026-1570 — Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site …

The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1 due to insufficient…

Remote | Cross-Site Scripting

Feb 07, 2026 Feb 09, 2026

Feb 07, 2026

Feb 09, 2026

4.3 MEDIUM

CVE-2026-1082 — TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery to Settings Update

The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handle…

Remote | Cross-Site Request Forgery

Feb 07, 2026 Feb 09, 2026

Feb 07, 2026

Feb 09, 2026

6.4 MEDIUM

CVE-2026-0555 — Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premme…

The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing c…

premmerce | Remote | Cross-Site Scripting

Feb 07, 2026 Feb 09, 2026

Feb 07, 2026

Feb 09, 2026

6.5 MEDIUM

CVE-2025-15477 — The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and…

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping…

Remote | Injection

Feb 07, 2026 Feb 09, 2026

Feb 07, 2026

Feb 09, 2026

4.3 MEDIUM

CVE-2025-15476 — The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket L…

The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to, and …

Remote | Authorization

Feb 07, 2026 Feb 09, 2026

Feb 07, 2026

Feb 09, 2026

Showing 20 of 4986 Results

Latest CVE Feed

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Browse by Apps

Latest CVE Feed

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences