Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    CVSS31
    CVE-2025-29152

    Cross-Site Scripting vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via multiple components, including Strategic Planning Perspective Registration, Training Request, Perspective Editing, Education Reg... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 7.1

    CVSS31
    CVE-2025-47517

    Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Accept Donations with PayPal allows Stored XSS. This issue affects Accept Donations with PayPal: from n/a through 1.4.5.... Read more

    Affected Products : accept_donations_with_paypal
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.9

    CVSS31
    CVE-2025-47518

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Stored XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.... Read more

    Affected Products : paypal_\&_stripe_add-on
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.9

    CVSS31
    CVE-2025-47525

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.3.0.... Read more

    Affected Products : bold_page_builder
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.4

    CVSS31
    CVE-2025-47526

    Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Variation Swatches for WooCommerce: from n/a through 3.0.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 4.3

    CVSS31
    CVE-2025-47543

    Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker allows Cross Site Request Forgery. This issue affects TrueBooker: from n/a through 1.0.7.... Read more

    Affected Products : truebooker
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.3

    CVSS31
    CVE-2025-47545

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Ays Pro Poll Maker allows Leveraging Race Conditions. This issue affects Poll Maker: from n/a through 5.7.7.... Read more

    Affected Products : poll_maker
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47499

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Simple Blog Stats allows Stored XSS. This issue affects Simple Blog Stats: from n/a through 20250416.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.4

    CVSS31
    CVE-2025-47473

    Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit allows Cross Site Request Forgery. This issue affects PW WooCommerce Bulk Edit: from n/a through 2.134.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.9

    CVSS31
    CVE-2025-47520

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syed Balkhi Charitable allows Stored XSS. This issue affects Charitable: from n/a through 1.8.5.1.... Read more

    Affected Products : charitable
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.9

    CVSS31
    CVE-2025-47522

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AWEOS GmbH AWEOS WP Lock allows Stored XSS. This issue affects AWEOS WP Lock: from n/a through 1.4.8.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47476

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Cost Calculator for Elementor allows DOM-Based XSS. This issue affects Cost Calculator for Elementor: from n/a through 1.3.3.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 8.1

    CVSS31
    CVE-2025-47533

    Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina allows PHP Local File Inclusion. This issue affects Graphina: from n/a through 3.0.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 4.3

    CVSS31
    CVE-2025-47528

    Missing Authorization vulnerability in pewilliams Ovation Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ovation Elements: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.4

    CVSS31
    CVE-2025-47480

    Missing Authorization vulnerability in Iqonic Design Graphina allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Graphina: from n/a through 3.0.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.3

    CVSS31
    CVE-2025-47540

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail allows Retrieve Embedded Sensitive Data. This issue affects weMail: from n/a through 1.14.13.... Read more

    Affected Products : wemail
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.3

    CVSS31
    CVE-2025-47481

    Improper Control of Generation of Code ('Code Injection') vulnerability in GS Plugins GS Testimonial Slider allows Code Injection. This issue affects GS Testimonial Slider: from n/a through 3.2.9.... Read more

    Affected Products : gs_testimonial_slider
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 7.1

    CVSS31
    CVE-2025-47546

    Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress allows Cross Site Request Forgery. This issue affects WP Compress: from n/a through 6.30.30.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.4

    CVSS31
    CVE-2025-47548

    Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 7.5

    CVSS31
    CVE-2025-47498

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
Showing 20 of 462 Results
© cvefeed.io
Latest DB Update: May. 09, 2025 13:53