Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    CVSS31
    CVE-2025-32152

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugins by WP OnlineSupport Slider a SlidersPack allows PHP Local File Inclusion. This issue affects Slider a SlidersPack: f... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.5

    CVSS31
    CVE-2025-32151

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.5

    CVSS31
    CVE-2025-32150

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. This issue affects Real Estate Manager: from n/a through 7.3.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 8.5

    CVSS31
    CVE-2025-32149

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in winkm89 teachPress allows SQL Injection. This issue affects teachPress: from n/a through 9.0.11.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 8.5

    CVSS31
    CVE-2025-32148

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daisycon Daisycon prijsvergelijkers allows SQL Injection. This issue affects Daisycon prijsvergelijkers: from n/a through 4.8.4.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 8.8

    CVSS31
    CVE-2025-32147

    Missing Authorization vulnerability in coothemes Easy WP Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy WP Optimizer: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 8.8

    CVSS31
    CVE-2025-32146

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. This issue affects JS Job Manager: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 8.8

    CVSS31
    CVE-2025-32142

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors allows PHP Local File Inclusion. This issue affects Motors: from n/a through 1.4.65.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 8.8

    CVSS31
    CVE-2025-32141

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS allows PHP Local File Inclusion. This issue affects MasterStudy LMS: from n/a through 3.5.23.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 6.6

    CVSS31
    CVE-2025-32138

    Improper Restriction of XML External Entity Reference vulnerability in supsystic Easy Google Maps allows XML Injection. This issue affects Easy Google Maps: from n/a through 1.11.17.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 4.9

    CVSS31
    CVE-2025-32137

    Relative Path Traversal vulnerability in Cristián Lávaque s2Member allows Path Traversal. This issue affects s2Member: from n/a through 250214.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 5.9

    CVSS31
    CVE-2025-32136

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in activecampaign ActiveCampaign allows Stored XSS. This issue affects ActiveCampaign: from n/a through 8.1.16.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 5.9

    CVSS31
    CVE-2025-32135

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rocketelements Split Test For Elementor allows Stored XSS. This issue affects Split Test For Elementor: from n/a through 1.8.3.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 5.9

    CVSS31
    CVE-2025-32134

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify allows Stored XSS. This issue affects URL Shortify: from n/a through 1.10.4.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 5.9

    CVSS31
    CVE-2025-32133

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 5.9

    CVSS31
    CVE-2025-32132

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Stored XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 5.9

    CVSS31
    CVE-2025-32131

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in socialintents Social Intents allows Stored XSS. This issue affects Social Intents: from n/a through 1.6.14.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 5.9

    CVSS31
    CVE-2025-32130

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Posts Footer Manager allows Stored XSS. This issue affects Posts Footer Manager: from n/a through 2.2.0.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 5.9

    CVSS31
    CVE-2025-32129

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Welcome Bar allows Stored XSS. This issue affects Welcome Bar: from n/a through 2.0.4.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025

  • 7.6

    CVSS31
    CVE-2025-32127

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in onOffice GmbH onOffice for WP-Websites allows SQL Injection. This issue affects onOffice for WP-Websites: from n/a through 5.7.... Read more

    Affected Products :
    • Published: Apr. 04, 2025
    • Modified: Apr. 04, 2025
Showing 20 of 404 Results
© cvefeed.io
Latest DB Update: Apr. 05, 2025 6:54