Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-25360 — WordPress Vex theme < 1.2.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection.This issue affects Vex: from n/a through < 1.2.9.

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25359 — WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5.

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25358 — WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2.

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25357 — WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse.This issue affects Ultimate Membership Pro…

| Authentication
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25356 — WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS.This issue affects Yobazar: from n/a through < 1.6.…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25355 — WordPress Sanzo theme < 2.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Sanzo sanzo allows Stored XSS.This issue affects Sanzo: from n/a through < 2.4.3.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25354 — WordPress Reebox theme < 1.4.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Reebox reebox allows Reflected XSS.This issue affects Reebox: from n/a through < 1.4.8.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25353 — WordPress Nooni theme < 1.5.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Nooni nooni allows Reflected XSS.This issue affects Nooni: from n/a through < 1.5.1.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25352 — WordPress MyDecor theme < 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through < 1.5.…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25351 — WordPress MyMedi theme < 1.7.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup MyMedi mymedi allows Reflected XSS.This issue affects MyMedi: from n/a through < 1.7.7.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25350 — WordPress Miti theme < 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through < 1.5.3.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25349 — WordPress Loobek theme < 1.5.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Loobek loobek allows Reflected XSS.This issue affects Loobek: from n/a through < 1.5.2.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25347 — WordPress WP REST Cache plugin <= 2026.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acato WP REST Cache wp-rest-cache allows Stored XSS.This issue affects WP REST Cache: from n/a th…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25346 — WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control S…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25345 — WordPress SimpLy Gallery plugin <= 3.3.2 - Arbitrary Code Execution vulnerability

Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affec…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25344 — WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review S…

| Information Disclosure
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25342 — WordPress Boutique theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kutethemes Boutique kute-boutique allows Reflected XSS.This issue affects Boutique: from n/a thro…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25341 — WordPress RSFirewall! plugin <= 1.1.45 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a throu…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25340 — WordPress Jobmonster theme < 4.8.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from…

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-25339 — WordPress Contact Form by WPForms plugin <= 1.9.8.7 - Sensitive Data Exposure vulnerabili…

Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Retrieve Embedded Sensitive Data.This issue affects Contact Form by WPForms:…

| Information Disclosure
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
Showing 20 of 6035 Results