Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.1

HIGH

CVE-2025-49345

Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through 3.1.2....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
7.1

HIGH

CVE-2025-31054

Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
6.5

MEDIUM

CVE-2025-28973

Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Path Traversal
5.4

MEDIUM

CVE-2025-66160

Missing Authorization vulnerability in merkulove Select Graphist for Elementor Graphist for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Select Graphist for Elementor Graphist for Elementor: from n/a...

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.9

MEDIUM

CVE-2025-62124

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soli WP Post Signature allows Stored XSS.This issue affects WP Post Signature: from n/a through 0.4.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-49344

Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveTagCloud allows Stored XSS.This issue affects SensitiveTagCloud: from n/a through 1.4.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
7.1

HIGH

CVE-2025-59137

Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
5.9

MEDIUM

CVE-2025-59135

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eLEOPARD Behance Portfolio Manager allows Stored XSS.This issue affects Behance Portfolio Manager: from n/a through 1.7.5....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-66153

Missing Authorization vulnerability in merkulove Headinger for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headinger for Elementor: from n/a through 1.1.4....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-66152

Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Criptopayer for Elementor: from n/a through 1.0.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.9

MEDIUM

CVE-2025-62989

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boxy Studio Cooked allows Stored XSS.This issue affects Cooked: from n/a through 1.11.2....

Affected Products : cooked
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-68885

Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custom Post Status allows Stored XSS.This issue affects Custom Post Status: from n/a through 1.1.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
7.5

HIGH

CVE-2025-62753

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through 1.3.2....

Affected Products :
Published: Dec. 30, 2025

Modified: Dec. 31, 2025

Vuln Type: Path Traversal
5.4

MEDIUM

CVE-2025-62088

Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n...

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Server-Side Request Forgery
5.3

MEDIUM

CVE-2025-62755

Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions....

Affected Products : gs_portfolio_for_envato
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-62079

Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through 1.0.3....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-62134

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1....

Affected Products : contact_form_widget
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
5.9

MEDIUM

CVE-2025-62140

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.65....

Affected Products : locatoraid_store_locator
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-66150

Missing Authorization vulnerability in merkulove Appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through 1.1.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
6.5

MEDIUM

CVE-2025-62757

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through 1.5.12....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 4485 Results

Browse by Apps

Latest CVE Feed

7.1

7.1

6.5

5.4

5.9

7.1

7.1

5.9

5.4

5.4

5.9

7.1

7.5

5.4

5.3

5.3

5.4

5.9

5.4

6.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable