Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2025-31560

    Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 10.11.... Read more

    Affected Products : salon_booking_system
    • Published: Apr. 01, 2025
    • Modified: Apr. 14, 2025
    • Vuln Type: Authorization

  • 9.3

    CRITICAL
    CVE-2025-31553

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting allows SQL Injection. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a th... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-31552

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker : from n/a through 11.4.8.... Read more

    Affected Products : rsvpmaker
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-31551

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salesmate.io Salesmate Add-On for Gravity Forms allows SQL Injection. This issue affects Salesmate Add-On for Gravity Forms: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 5.8

    MEDIUM
    CVE-2025-31550

    Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from 1.9.3 through 3.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-31548

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Tuhin Ultimate Push Notifications allows Reflected XSS. This issue affects Ultimate Push Notifications: from n/a through 1.1.8.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31537

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in madfishdigital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.16.... Read more

    Affected Products : bulk_noindex_\&_nofollow_toolkit
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-31534

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shopperdotcom Shopper allows SQL Injection. This issue affects Shopper: from n/a through 3.2.5.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 9.3

    CRITICAL
    CVE-2025-31531

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in click5 History Log by click5 allows SQL Injection. This issue affects History Log by click5: from n/a through 1.0.13.... Read more

    Affected Products : sitemap_by_click5
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-31525

    Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mobile Bottom Menu: from n/a through 1.2.9.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-31462

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar allows Reflected XSS. This issue affects CGM Event Calendar: from n/a through 0.8.5.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31461

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound NanoSupport allows Reflected XSS. This issue affects NanoSupport: from n/a through 0.6.0.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31455

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Limit Max IPs Per User allows DOM-Based XSS. This issue affects Limit Max IPs Per User: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31454

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Delete Post Revision allows Reflected XSS. This issue affects Delete Post Revision: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31446

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jiangmiao WP Cleaner allows Reflected XSS. This issue affects WP Cleaner: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31445

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pages Order allows Reflected XSS. This issue affects Pages Order: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31441

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria allows Reflected XSS. This issue affects WordPress Galleria: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31431

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Bookmarks allows Reflected XSS. This issue affects WP Bookmarks: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-31097

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Path Traversal

  • 8.5

    HIGH
    CVE-2025-31089

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce allows SQL Injection. This issue affects Order Splitter for WooCommerce: from n/a through 5.3.0.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Injection
Showing 20 of 293284 Results