Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2025-69166 — WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69164 — WordPress Skyward theme <= 1.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69158 — WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Granola <= 1.13 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69157 — WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69144 — WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2025-69140 — WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2025-69130 — WordPress Entrepreneur - Booking for Small Businesses WordPress Theme theme <= 3.1.3 - PH…

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2025-69127 — WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69126 — WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69123 — WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69120 — WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69115 — WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local Fi…

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2025-69111 — WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69106 — WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2025-68524 — WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2025-59554 — WordPress Advanced Ads – Tracking plugin < 3.0.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
5.3 MEDIUM
CVE-2025-15657 — WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) v…

Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.7 HIGH
CVE-2026-54193 — WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2025-59872 — HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,

HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a…

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.2 MEDIUM
CVE-2026-11975 — Stored Cross-Site Scripting (XSS) in SimplCommerce News Module Admin Interface

Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and Ful…

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7567 Results