Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2025-68037 — WordPress Export Media URLs plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerab…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export M…

export_all_urls | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
6.5 MEDIUM
CVE-2025-68032 — WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability

Missing Authorization vulnerability in Passionate Brains Advanced WC Analytics advance-wc-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
7.1 HIGH
CVE-2025-68031 — WordPress افزونه پیامک حرفه ای فراز اس ام اس plugin <= 2.7.3 - Reflected Cross Site Scrip…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افز…

Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
6.5 MEDIUM
CVE-2025-68028 — WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control …

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2025-68026 — WordPress LC Wizard plugin <= 2.1.1 - Settings Change vulnerability

Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.…

Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
6.5 MEDIUM
CVE-2025-68025 — WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control…

Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affect…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2025-68024 — WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability

Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify –…

Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
6.5 MEDIUM
CVE-2025-68023 — WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change …

Missing Authorization vulnerability in Addonify Addonify &#8211; Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.3 MEDIUM
CVE-2025-68022 — WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerabil…

Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin…

Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
6.5 MEDIUM
CVE-2025-68021 — WordPress ConveyThis plugin <= 269.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a throu…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2025-68005 — WordPress Easy Hotel Booking plugin <= 1.8.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a …

Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
6.5 MEDIUM
CVE-2025-68002 — WordPress Open User Map plugin <= 1.4.16 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a…

open_user_map | Remote | Path Traversal
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2025-68000 — WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n…

Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.8 HIGH
CVE-2025-67998 — WordPress Miraculous Elementor plugin <= 2.0.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a…

Remote | Authentication
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
9.8 CRITICAL
CVE-2025-67997 — WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2025-67996 — WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
9.8 CRITICAL
CVE-2025-67995 — WordPress PatioTime theme < 2.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1.

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.5 HIGH
CVE-2025-67994 — WordPress YayCurrency plugin <= 3.3 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in YayCommerce YayCurrency yaycurrency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayCurrency: from n/a through <= …

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
6.5 MEDIUM
CVE-2025-67993 — WordPress Atarim plugin <= 4.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a throug…

Remote | Authorization
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.1 HIGH
CVE-2025-67992 — WordPress PatioTime theme < 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affec…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
Showing 20 of 5069 Results