Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.4 MEDIUM
CVE-2025-9989 — Broadstreet <= 1.53.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.53.1 due to insufficient input sanitization and output esc…

broadstreet | Remote | Cross-Site Scripting
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
4.3 MEDIUM
CVE-2025-9988 — Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser C…

The Broadstreet plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the create_advertiser AJAX action in all versions up to, and including, 1.53.1. This mak…

broadstreet | Remote | Authorization
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.3 MEDIUM
CVE-2025-9987 — Broadstreet <= 1.53.1 - Authenticated (Subscriber+) Information Disclosure

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for …

broadstreet | Remote | Information Disclosure
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
5.3 MEDIUM
CVE-2025-14755 — Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct…

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference (IDOR) in all versions up to, and including, 4.0.1 only when …

cost_calculator_builder | Remote | Authorization
May 13, 2026 May 13, 2026
May 13, 2026
May 13, 2026
Showing 20 of 7064 Results