Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-24693

    Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24691

    Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC People Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects People Lists: from n/a through 1.3.10.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24687

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lars Wallenborn Show/Hide Shortcode allows Stored XSS. This issue affects Show/Hide Shortcode: from n/a through 1.0.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.6

    HIGH
    CVE-2025-24683

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill RSVP and Event Management Plugin allows SQL Injection. This issue affects RSVP and Event Management Plugin: from n/a through 2.7.14.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24682

    Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24681

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows Stored XSS. This issue affects Product Carousel Slider & Grid Ultimate for WooCommer... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 4.3

    MEDIUM
    CVE-2025-24679

    Missing Authorization vulnerability in webraketen Internal Links Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Links Manager: from n/a through 2.5.2.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24678

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Listamester Listamester allows Stored XSS. This issue affects Listamester: from n/a through 2.3.4.... Read more

    Affected Products : listamester
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24675

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.2.... Read more

    Affected Products : wp_visitor_statistics
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24674

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teplitsa. Technologies for Social Good ShMapper by Teplitsa allows Stored XSS. This issue affects ShMapper by Teplitsa: from n/a through 1.5.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 6.5

    MEDIUM
    CVE-2025-24673

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in AyeCode Ltd Ketchup Shortcodes allows Stored XSS. This issue affects Ketchup Shortcodes: from n/a through 0.1.2.... Read more

    Affected Products : ketchup_shortcodes
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.5

    HIGH
    CVE-2025-24672

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodePeople Form Builder CP allows SQL Injection. This issue affects Form Builder CP: from n/a through 1.2.41.... Read more

    Affected Products : form_builder_cp
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 8.5

    HIGH
    CVE-2025-24669

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SERPed SERPed.net allows SQL Injection. This issue affects SERPed.net: from n/a through 4.4.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24668

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle PPOM for WooCommerce allows Stored XSS. This issue affects PPOM for WooCommerce: from n/a through 33.0.8.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24666

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeIsle AI Chatbot for WordPress – Hyve Lite allows Stored XSS. This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.6

    HIGH
    CVE-2025-24663

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Ruhul Amin, Josh Lobe Simple Download Monitor allows Blind SQL Injection. This issue affects Simple Download Monitor: from n/a throug... Read more

    Affected Products : simple_download_monitor
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 7.6

    HIGH
    CVE-2025-24659

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n/a through 5.9.6.... Read more

    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24658

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Hawes Auction Nudge – Your eBay on Your Site allows Stored XSS. This issue affects Auction Nudge – Your eBay on Your Site: from n/a through 7.2.0.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.9

    MEDIUM
    CVE-2025-24657

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee Wishlist for WooCommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through 2.1.2.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025

  • 5.4

    MEDIUM
    CVE-2025-24652

    Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.... Read more

    Affected Products :
    • Published: Jan. 24, 2025
    • Modified: Jan. 24, 2025
Showing 20 of 291153 Results