Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-24725

    Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24724

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through 5.3.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24723

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Booking Calendar Contact Form allows Stored XSS. This issue affects Booking Calendar Contact Form: from n/a through 1.2.55.... Read more

    Affected Products : booking_calendar
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24722

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in F.A.Q Builder Team FAQ Builder AYS allows Stored XSS. This issue affects FAQ Builder AYS: from n/a through 1.7.3.... Read more

    Affected Products : faq_builder
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24721

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Easy YouTube Gallery allows Stored XSS. This issue affects Easy YouTube Gallery: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24720

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Sticky Buttons allows Cross Site Request Forgery. This issue affects Sticky Buttons: from n/a through 4.1.1.... Read more

    Affected Products : sticky_buttons
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24719

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevart Widget Countdown allows Stored XSS. This issue affects Widget Countdown: from n/a through 2.7.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.8

    HIGH
    CVE-2025-24717

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4.... Read more

    Affected Products : modal_window
    • Published: Jan. 24, 2025
    • Modified: Jul. 03, 2025

  • 5.4

    MEDIUM
    CVE-2025-24716

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.... Read more

    Affected Products : herd_effects
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24715

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.... Read more

    Affected Products : counter_box
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025

  • 5.4

    MEDIUM
    CVE-2025-24714

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through 4.0.2.... Read more

    Affected Products : bubble_menu
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24713

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through 3.1.1.... Read more

    Affected Products : button_generator
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24712

    Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks allows Cross Site Request Forgery. This issue affects Radius Blocks: from n/a through 2.1.2.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24711

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Popup Box allows Cross Site Request Forgery. This issue affects Popup Box: from n/a through 3.2.4.... Read more

    Affected Products : popup_box
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24709

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plethora Plugins Plethora Plugins Tabs + Accordions allows Stored XSS. This issue affects Plethora Plugins Tabs + Accordions: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24706

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Stored XSS. This issue affects WC Marketplace: from n/a through 4.2.13.... Read more

    Affected Products : multivendorx
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.3

    MEDIUM
    CVE-2025-24705

    Missing Authorization vulnerability in Arshid WooCommerce Quick View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Quick View: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24704

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sebastian Zaha Magic the Gathering Card Tooltips allows Stored XSS. This issue affects Magic the Gathering Card Tooltips: from n/a through 3.4.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.4

    MEDIUM
    CVE-2025-24703

    Server-Side Request Forgery (SSRF) vulnerability in DLX Plugins Comment Edit Core – Simple Comment Editing allows Server Side Request Forgery. This issue affects Comment Edit Core – Simple Comment Editing: from n/a through 3.0.33.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24702

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xagio Xagio SEO allows Stored XSS. This issue affects Xagio SEO: from n/a through 7.0.0.20.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
Showing 20 of 291157 Results