Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.3 CRITICAL
CVE-2025-69306 — WordPress Electio Core plugin <= 1.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core…

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.3 CRITICAL
CVE-2025-69305 — WordPress Crete Core plugin <= 1.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection.This issue affects Crete Core: from…

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.3 CRITICAL
CVE-2025-69304 — WordPress Allmart plugin <= 1.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection.This issue affects Allmart: from n/a…

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.5 HIGH
CVE-2025-69303 — WordPress ModelTheme Framework plugin <= 1.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Frame…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
7.1 HIGH
CVE-2025-69302 — WordPress DesignThemes Core Features plugin <= 2.3 - Reflected Cross Site Scripting (XSS)…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core Features designthemes-core-features allows Reflected XSS.This issu…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
9.8 CRITICAL
CVE-2025-69301 — WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection.This issue affects PhotoMe: from n/a through <= 5.6.11.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.2 HIGH
CVE-2025-69299 — WordPress Oxygen theme <= 6.0.8 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Laborator Oxygen oxygen allows Server Side Request Forgery.This issue affects Oxygen: from n/a through <= 6.0.8.

Remote | Server-Side Request Forgery
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.5 HIGH
CVE-2025-69298 — WordPress Gauge theme <= 6.56.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in GhostPool Gauge gauge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gauge: from n/a through <= 6.56.4.

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
7.5 HIGH
CVE-2025-69297 — WordPress Aardvark Plugin plugin <= 2.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a t…

Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.1 HIGH
CVE-2025-69296 — WordPress Aardvark theme <= 4.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through <=…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
9.3 CRITICAL
CVE-2025-69295 — WordPress Coven Core plugin <= 1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection.This issue affects Coven Core: from…

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.8 HIGH
CVE-2025-69294 — WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through <= 1.5.9.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.6 HIGH
CVE-2025-69063 — WordPress New User Approve plugin <= 3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n…

new_user_approve | Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
6.5 MEDIUM
CVE-2025-69011 — WordPress Cool Tag Cloud plugin <= 2.29 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Cool Tag Cloud cool-tag-cloud allows Stored XSS.This issue affects Cool Tag Cloud: from n/…

cool_tag_cloud | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2025-68895 — WordPress AhaChat Messenger Marketing plugin <= 1.1 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ahachat AhaChat Messenger Marketing ahachat-messenger-marketing allows Password Recovery Exploitation.This issue affects AhaC…

Remote | Authentication
Feb 20, 2026 Feb 27, 2026
Feb 20, 2026
Feb 27, 2026
7.1 HIGH
CVE-2025-68880 — WordPress Simple Archive Generator plugin <= 5.2 - Reflected Cross Site Scripting (XSS) v…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Reflected XSS.This issue …

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.1 HIGH
CVE-2025-68863 — WordPress iContact for Gravity Forms plugin <= 1.3.2 - Reflected Cross Site Scripting (XS…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz iContact for Gravity Forms gravity-forms-icontact allows Reflected XSS.This issue affec…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.7 HIGH
CVE-2025-68862 — WordPress Woo File Dropzone plugin <= 1.1.7 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal.This issue affects Woo File D…

Remote | Path Traversal
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
7.1 HIGH
CVE-2025-68856 — WordPress Mopinion Feedback Form plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) v…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeswolters Mopinion Feedback Form mopinion-feedback-form allows DOM-Based XSS.This issue affects…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
5.9 MEDIUM
CVE-2025-68855 — WordPress JobBoard Job listing plugin <= 1.2.8 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in themeglow JobBoard Job listing job-board-light allows Retrieve Embedded Sensitive Data.This issue affects JobBoard Job listing: from…

Remote | Information Disclosure
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
Showing 20 of 5270 Results