Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-28881

    Cross-Site Request Forgery (CSRF) vulnerability in mg12 Mobile Themes allows Cross Site Request Forgery. This issue affects Mobile Themes: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-28879

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aumsrini Bee Layer Slider allows Stored XSS. This issue affects Bee Layer Slider: from n/a through 1.1.... Read more

    Affected Products : bee_layer_slider
    • Published: Mar. 11, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-28878

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys allows Stored XSS. This issue affects Awesome Surveys: from n/a through 2.0.10.... Read more

    Affected Products : awesome_surveys
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-28876

    Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official allows Cross Site Request Forgery. This issue affects Skrill Official: from n/a through 1.0.65.... Read more

    Affected Products : skrill
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025

  • 5.9

    MEDIUM
    CVE-2025-28875

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates allows Stored XSS. This issue affects BP Email Assign Templates: from n/a through 1.6.... Read more

    Affected Products : bp_email_assign_templates
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-28874

    Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6.... Read more

    Affected Products : bp_email_assign_templates
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-28872

    Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4.... Read more

    Affected Products : block_spam_by_math_reloaded
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-28871

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded allows Stored XSS. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4.... Read more

    Affected Products : block_spam_by_math_reloaded
    • Published: Mar. 11, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-28870

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through 1.1.... Read more

    Affected Products : amocrm
    • Published: Mar. 11, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-28868

    Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe allows Cross Site Request Forgery. This issue affects ZipList Recipe: from n/a through 3.1.... Read more

    Affected Products : recipes ziplist_recipe
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-28867

    Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2.... Read more

    Affected Products : frontpage_category_filter
    • Published: Mar. 11, 2025
    • Modified: Mar. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-28866

    Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1.... Read more

    Affected Products : login_logger
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-28864

    Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through 1.2.2.... Read more

    Affected Products : builder_for_contact_form_7
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-28863

    Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4.... Read more

    Affected Products : delete_original_image
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-28862

    Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0.... Read more

    Affected Products : comment_date_and_gravatar_remover
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-28861

    Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker allows Stored XSS. This issue affects WP jQuery Persian Datepicker: from n/a through 0.1.0.... Read more

    Affected Products : wp_jquery_persian_datepicker
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-28860

    Cross-Site Request Forgery (CSRF) vulnerability in PPDPurveyor Google News Editors Picks Feed Generator allows Stored XSS. This issue affects Google News Editors Picks Feed Generator: from n/a through 2.1.... Read more

    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025

  • 8.8

    HIGH
    CVE-2025-28859

    Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice allows Cross Site Request Forgery. This issue affects Maintenance Notice: from n/a through 1.0.5.... Read more

    Affected Products : maintenance_notice
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-28857

    Cross-Site Request Forgery (CSRF) vulnerability in rankchecker Rankchecker.io Integration allows Stored XSS. This issue affects Rankchecker.io Integration: from n/a through 1.0.9.... Read more

    Affected Products : rankchecker
    • Published: Mar. 11, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-28856

    Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1.... Read more

    Affected Products : w3counter
    • Published: Mar. 11, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293435 Results