Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2025-67969 — WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Con…

Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2025-67624 — WordPress Optimize More! – Images plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arya Dhiratara Optimize More! &#8211; Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Opt…

Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
6.5 MEDIUM
CVE-2025-67547 — WordPress Konte theme <= 2.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in uixthemes Konte konte allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Konte: from n/a through <= 2.4.6.

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.1 MEDIUM
CVE-2025-67438 — "Sync-in Server Stored XSS"

A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG fil…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
5.9 MEDIUM
CVE-2025-60183 — WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silence Silencesoft RSS Reader external-rss-reader allows Stored XSS.This issue affects Silenceso…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
8.1 HIGH
CVE-2025-60087 — WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Incl…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-add…

extensive_vc_addons_for_wpbakery_page_builder | Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.1 HIGH
CVE-2025-53237 — WordPress WP Wizard Cloak Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak: f…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.1 HIGH
CVE-2025-53233 — WordPress Storyform plugin <= 0.6.14 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RylanH Storyform storyform allows Reflected XSS.This issue affects Storyform: from n/a through <=…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.1 HIGH
CVE-2025-53231 — WordPress Easy Taxonomy Images plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy T…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.1 HIGH
CVE-2025-53228 — WordPress bbpress Simple Advert Units Plugin <= 0.41 - Cross Site Scripting (XSS) Vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue …

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.6 HIGH
CVE-2025-53217 — WordPress AIO WP Builder Plugin <= 2.0.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n…

Remote | Authorization
Feb 20, 2026 Feb 26, 2026
Feb 20, 2026
Feb 26, 2026
7.6 HIGH
CVE-2025-52744 — WordPress Inpersttion For Theme plugin <= 1.0 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a thro…

Remote | Injection
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
3.5 LOW
CVE-2025-52603 — HCL Connections is vulnerable to information disclosure

HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata i…

connections | Remote | Information Disclosure
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
6.5 MEDIUM
CVE-2024-56208 — WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <=…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
4.3 MEDIUM
CVE-2024-54222 — WordPress Seraphinite Accelerator plugin <= 2.22.15 - Authenticated Sensitive Data Exposu…

Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data.This issue affects Seraphinite Accelerator: from n…

seraphinite_accelerator | Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
5.9 MEDIUM
CVE-2024-52387 — WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows Stored XSS.This issue affects Maste…

master_addons | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2024-51915 — WordPress LiteSpeed Cache plugin <= 6.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteS…

litespeed_cache | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2024-50555 — WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Webs…

website_builder | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
6.5 MEDIUM
CVE-2024-50452 — WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Stored XSS.This issue affects Next…

nexter_blocks | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
5.3 MEDIUM
CVE-2024-43228 — WordPress SecuPress Free plugin <= 2.2.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in SecuPress SecuPress Free secupress.This issue affects SecuPress Free: from n/a through <= 2.2.5.3.

secupress | Remote | Authorization
Feb 20, 2026 Feb 26, 2026
Feb 20, 2026
Feb 26, 2026
Showing 20 of 5066 Results