Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2025-24750

    Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0.... Read more

    Affected Products : exactmetrics
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24746

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.... Read more

    Affected Products : popup_maker
    • Published: Jan. 24, 2025
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2025-24739

    Cross-Site Request Forgery (CSRF) vulnerability in FluentSMTP & WPManageNinja Team FluentSMTP allows Cross Site Request Forgery. This issue affects FluentSMTP: from n/a through 2.2.80.... Read more

    Affected Products : fluentsmtp
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24738

    Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13.... Read more

    Affected Products : call_now_button
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24736

    Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.... Read more

    Affected Products : post_duplicator
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025

  • 6.5

    MEDIUM
    CVE-2025-24733

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affects Post Grid Master: from n/a through 3.4.12.... Read more

    Affected Products : post_grid_master
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025

  • 6.5

    MEDIUM
    CVE-2025-24732

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25.... Read more

    Affected Products : bookingpress
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24731

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IP2Location Download IP2Location Country Blocker allows Stored XSS. This issue affects Download IP2Location Country Blocker: from n/a through 2.38.3.... Read more

    Affected Products : country_blocker
    • Published: Jan. 24, 2025
    • Modified: Aug. 12, 2025

  • 6.5

    MEDIUM
    CVE-2025-24730

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rextheme WP VR allows DOM-Based XSS. This issue affects WP VR: from n/a through 8.5.14.... Read more

    Affected Products : wp_vr
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24729

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.5

    HIGH
    CVE-2025-24728

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yannick Lefebvre Bug Library allows Blind SQL Injection. This issue affects Bug Library: from n/a through 2.1.4.... Read more

    Affected Products : bug_library
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24727

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52.... Read more

    Affected Products : contact_form_email
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24726

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Conctact Form 7 allows Stored XSS. This issue affects HT Conctact Form 7: from n/a through 1.2.1.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24725

    Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24724

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through 5.3.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24723

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Booking Calendar Contact Form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through 1.2.55.... Read more

    Affected Products : booking_calendar
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24722

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in F.A.Q Builder Team FAQ Builder AYS allows Stored XSS. This issue affects FAQ Builder AYS: from n/a through 1.7.3.... Read more

    Affected Products : faq_builder
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24721

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Easy YouTube Gallery allows Stored XSS. This issue affects Easy YouTube Gallery: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24720

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1.... Read more

    Affected Products : sticky_buttons
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24719

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown allows Stored XSS. This issue affects Widget Countdown: from n/a through 2.7.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
Showing 20 of 291150 Results