Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-62115

    Missing Authorization vulnerability in ThemeBoy Hide Plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hide Plugins: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-62088

    Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-62116

    Missing Authorization vulnerability in Quadlayers AI Copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through 1.4.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-63014

    Cross-Site Request Forgery (CSRF) vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows Cross Site Request Forgery.This issue affects Gmedia Photo Gallery: from n/a through 1.24.1.... Read more

    Affected Products : gmedia_gallery
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-49340

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Digages Direct Payments WP allows Retrieve Embedded Sensitive Data.This issue affects Direct Payments WP: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-62130

    Missing Authorization vulnerability in WPdiscover Accordion Slider Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider Gallery: from n/a through 2.7.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-62148

    Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery.This issue affects Robots.Txt rewrite: from n/a through 1.6.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-62079

    Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-62756

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lvaudore The Moneytizer allows DOM-Based XSS.This issue affects The Moneytizer: from n/a through 10.0.6.... Read more

    Affected Products : the_moneytizer
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-63031

    Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-49357

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audiomack allows Stored XSS.This issue affects Audiomack: from n/a through 1.4.8.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.8

    MEDIUM
    CVE-2025-59003

    Insertion of Sensitive Information Into Sent Data vulnerability in Inkthemescom Black Rider allows Retrieve Embedded Sensitive Data.This issue affects Black Rider: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-62118

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kcseopro AdWords Conversion Tracking Code allows Stored XSS.This issue affects AdWords Conversion Tracking Code: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62125

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Gangrade Custom Background Changer custom-background-changer allows Stored XSS.This issue affects Custom Background Changer: from n/a through 3.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-62744

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Steman Page Title Splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through 2.5.9.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-15223

    A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Impacted is an unknown function of the file /login.php. Performing manipulation of the argument Username results in cross site scripting. The attack is... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2021-47741

    ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the config... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2021-47745

    Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh scri... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2025-66149

    Missing Authorization vulnerability in merkulove UnGrabber allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnGrabber: from n/a through 3.1.3.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-62137

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shuttlethemes Shuttle allows Stored XSS.This issue affects Shuttle: from n/a through 1.5.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2025
    • Modified: Dec. 31, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 4488 Results