Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2025-48292

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through 5.3.8.... Read more

    Affected Products : tour_master
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-48245

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form : from n/a through 8.2.1.... Read more

    Affected Products : quick_contact_form
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-48283

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0.... Read more

    Affected Products : majestic_support
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-47690

    Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1.... Read more

    Affected Products : lead_form_data_collection_to_crm
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-47672

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a... Read more

    Affected Products : discord_integration
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 9.8

    CRITICAL
    CVE-2025-47646

    Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through 1.13.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-47637

    Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2025-47641

    Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from ... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-47618

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Reflected XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-47599

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante allows SQL Injection. This issue affects Facturante: from n/a through 1.11.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-47678

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-47529

    Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – C... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authorization

  • 8.6

    HIGH
    CVE-2025-47492

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a thr... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-47535

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal. This issue affects Opal Woo Custom Product Variation: from n/a through 1.2.0.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-47461

    Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce allows Authentication Abuse. This issue affects Subaccounts for WooCommerce: from n/a through 1.6.6.... Read more

    Affected Products : subaccounts_for_woocommerce
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2025-47541

    Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.17.7.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Information Disclosure

  • 8.1

    HIGH
    CVE-2025-47453

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import allows PHP Local File Inclusion. This issue affects WP Smart Import: from n/a through 1.1.3.... Read more

    Affected Products : wp_smart_import
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-46526

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janekniefeldt My Custom Widgets allows Reflected XSS. This issue affects My Custom Widgets: from n/a through 2.0.5.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-46455

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE allows SQL Injection. This issue affects WP HRM LITE: from n/a through 1.1.... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-46518

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n... Read more

    Affected Products :
    • Published: May. 23, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292774 Results