Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2025-12500 — Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limi…

The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the…

Remote | Authentication
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.1 MEDIUM
CVE-2025-12451 — Easy SVG Support <= 4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Fil…

The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 4.0 due to insufficient input sanitization and output…

easy_svg_support | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.4 MEDIUM
CVE-2025-12448 — Smartsupp – live chat, AI shopping assistant and chatbots <= 3.9.1 - Authenticated (Subsc…

The Smartsupp – live chat, AI shopping assistant and chatbots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in all versions up to, and including, 3.9.1 du…

Remote | Cross-Site Scripting
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.4 MEDIUM
CVE-2025-12375 — Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side…

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. …

Remote | Server-Side Request Forgery
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2025-12172 — Mailchimp List Subscribe Form <= 2.0.0 - Cross-Site Request Forgery to Mailchimp List Cha…

The Mailchimp List Subscribe Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on…

Remote | Cross-Site Request Forgery
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.4 MEDIUM
CVE-2025-12117 — Renden <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Renden theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. …

Remote | Cross-Site Scripting
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.4 MEDIUM
CVE-2025-12116 — Drift <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. T…

Remote | Cross-Site Scripting
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2025-12081 — ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Att…

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up …

acf_photo_gallery_field | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2025-12027 — Mesmerize Companion <= 1.6.158 - Missing Authorization Authenticated (Subscriber+) Settin…

The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor…

mesmerize_companion | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
7.5 HIGH
CVE-2025-11754 — Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCP…

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and incl…

Remote | Authentication
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.5 MEDIUM
CVE-2025-11725 — Aruba HiSpeed Cache <= 3.0.2 - Missing Authorization to Unauthenticated Plugin's Settings…

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the multiple functions in all versions up to, and including, 3.0.…

aruba_hispeed_cache | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
6.1 MEDIUM
CVE-2025-11706 — Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitizat…

aruba_hispeed_cache | Remote | Cross-Site Scripting
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
Showing 20 of 5812 Results