Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-25331 — WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activi…

wp_activity_log | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 27, 2026
Feb 19, 2026
Feb 27, 2026
4.3 MEDIUM
CVE-2026-25330 — WordPress PublishPress Authors plugin <= 4.10.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in PublishPress PublishPress Authors publishpress-authors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PublishPress A…

Remote | Authorization
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
4.3 MEDIUM
CVE-2026-25329 — WordPress Quiz And Survey Master plugin <= 10.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And …

Remote | Authorization
Feb 19, 2026 Feb 26, 2026
Feb 19, 2026
Feb 26, 2026
7.5 HIGH
CVE-2026-25326 — WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP …

Remote | Path Traversal
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
5.3 MEDIUM
CVE-2026-25325 — WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.8 - Sensitive Data …

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Da…

rtmedia | Remote | Information Disclosure
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
5.3 MEDIUM
CVE-2026-25324 — WordPress Quiz And Survey Master plugin <= 10.3.4 - Insecure Direct Object References (ID…

Authorization Bypass Through User-Controlled Key vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.T…

Remote | Authorization
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
4.3 MEDIUM
CVE-2026-25323 — WordPress OSM plugin <= 6.1.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in MiKa OSM osm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OSM: from n/a through <= 6.1.12.

Remote | Authorization
Feb 19, 2026 Feb 27, 2026
Feb 19, 2026
Feb 27, 2026
5.4 MEDIUM
CVE-2026-25322 — WordPress PublishPress Revisions plugin <= 3.7.22 - Cross Site Request Forgery (CSRF) vul…

Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7…

Remote | Cross-Site Request Forgery
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
5.3 MEDIUM
CVE-2026-25321 — WordPress SupportCandy plugin <= 3.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through …

supportcandy | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
5.3 MEDIUM
CVE-2026-25320 — WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cool Plugins Elementor Contact Form DB sb-elementor-contact-form-db allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects E…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25319 — WordPress Zita Elementor Site Library plugin <= 1.6.6 - Cross Site Request Forgery (CSRF)…

Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Elementor Site Library zita-site-library allows Cross Site Request Forgery.This issue affects Zita Elementor Site Library: from n/a thro…

Remote | Cross-Site Request Forgery
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25318 — WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Contr…

Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
7.2 HIGH
CVE-2026-25316 — WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19.

Remote | Injection
Feb 19, 2026 Feb 24, 2026
Feb 19, 2026
Feb 24, 2026
5.3 MEDIUM
CVE-2026-25315 — WordPress hCaptcha for WP plugin <= 4.22.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP:…

Remote | Authorization
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
4.3 MEDIUM
CVE-2026-25314 — WordPress TOP Table Of Contents plugin <= 1.3.31 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of C…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25313 — WordPress FluentForm plugin <= 6.1.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <=…

contact_form | Remote | Authorization
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
5.4 MEDIUM
CVE-2026-25311 — WordPress Autoshare for Twitter plugin <= 2.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in 10up Autoshare for Twitter autoshare-for-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Autoshare for Twitte…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.9 MEDIUM
CVE-2026-25310 — WordPress Extend Link plugin <= 2.0.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through <= 2.0.0.

Remote | Server-Side Request Forgery
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25308 — WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wp.insider Simple Membership simple-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Membership: fro…

simple_membership | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.5 MEDIUM
CVE-2026-25307 — WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a t…

xstore_core | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
Showing 20 of 5067 Results