Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2025-24663

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Ruhul Amin, Josh Lobe Simple Download Monitor allows Blind SQL Injection. This issue affects Simple Download Monitor: from n/a throug... Read more

    Affected Products : simple_download_monitor
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.6

    HIGH
    CVE-2025-24659

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24658

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Hawes Auction Nudge – Your eBay on Your Site allows Stored XSS. This issue affects Auction Nudge – Your eBay on Your Site: from n/a through 7.2.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24657

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24652

    Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 9.1

    CRITICAL
    CVE-2025-24650

    Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3.... Read more

    Affected Products : tourfic
    • Published: Jan. 24, 2025
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-24649

    Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24647

    Cross-Site Request Forgery (CSRF) vulnerability in datafeedr.com WooCommerce Cloak Affiliate Links allows Cross Site Request Forgery. This issue affects WooCommerce Cloak Affiliate Links: from n/a through 1.0.35.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24644

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Stored XSS. This issue affects WooCommerce PDF Invoices, Pac... Read more

    • Published: Jan. 24, 2025
    • Modified: Feb. 11, 2025

  • 6.5

    MEDIUM
    CVE-2025-24638

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pete Dring Create with Code allows DOM-Based XSS. This issue affects Create with Code: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.1

    HIGH
    CVE-2025-24636

    Cross-Site Request Forgery (CSRF) vulnerability in Laymance Technologies LLC MachForm Shortcode allows Stored XSS. This issue affects MachForm Shortcode: from n/a through 1.4.1.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24634

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Svetoslav Marinov (Slavi) Orbisius Simple Notice allows Stored XSS. This issue affects Orbisius Simple Notice: from n/a through 1.1.3.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.3

    MEDIUM
    CVE-2025-24633

    Missing Authorization vulnerability in silverplugins217 Build Private Store For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Build Private Store For Woocommerce: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Mar. 03, 2025

  • 6.5

    MEDIUM
    CVE-2025-24627

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linnea Huxford, LinSoftware Blur Text allows Stored XSS. This issue affects Blur Text: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24625

    Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for W... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24623

    Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Security Really Simple SSL allows Cross Site Request Forgery. This issue affects Really Simple SSL: from n/a through 9.1.4.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24622

    Cross-Site Request Forgery (CSRF) vulnerability in PickPlugins Job Board Manager allows Cross Site Request Forgery. This issue affects Job Board Manager: from n/a through 2.1.59.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.8

    HIGH
    CVE-2025-24618

    Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24613

    Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.9

    MEDIUM
    CVE-2025-24611

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Smackcoders WP Ultimate Exporter allows Absolute Path Traversal. This issue affects WP Ultimate Exporter: from n/a through 2.9.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
Showing 20 of 291138 Results