Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    CVSS31
    CVE-2025-47691

    Improper Control of Generation of Code ('Code Injection') vulnerability in Ultimate Member Ultimate Member allows Code Injection. This issue affects Ultimate Member: from n/a through 2.10.3.... Read more

    Affected Products : ultimate_member
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.3

    CVSS31
    CVE-2025-47688

    Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1.... Read more

    Affected Products : advanced_file_manager
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47686

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DELUCKS DELUCKS SEO allows Stored XSS. This issue affects DELUCKS SEO: from n/a through 2.5.9.... Read more

    Affected Products : delucks_seo
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 7.1

    CVSS31
    CVE-2025-47685

    Cross-Site Request Forgery (CSRF) vulnerability in Moloni Contribuinte Checkout allows Stored XSS. This issue affects Contribuinte Checkout: from n/a through 2.0.02.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.4

    CVSS31
    CVE-2025-47684

    Cross-Site Request Forgery (CSRF) vulnerability in Smaily Smaily for WP allows Cross Site Request Forgery. This issue affects Smaily for WP: from n/a through 3.1.6.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 7.2

    CVSS31
    CVE-2025-47683

    Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7.... Read more

    Affected Products : wp_maintenance
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 4.3

    CVSS31
    CVE-2025-47681

    Cross-Site Request Forgery (CSRF) vulnerability in Ability, Inc Web Accessibility with Max Access allows Cross Site Request Forgery. This issue affects Web Accessibility with Max Access: from n/a through 2.0.9.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47679

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RS WP THEMES RS WP Book Showcase allows DOM-Based XSS. This issue affects RS WP Book Showcase: from n/a through 6.7.40.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47677

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gt3themes Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Stored XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47676

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Faiyaz Alam User Login History allows Stored XSS. This issue affects User Login History: from n/a through 2.1.6.... Read more

    Affected Products : user-login-history
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47675

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows DOM-Based XSS. This issue affects Woobox: from n/a through 1.6.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 4.3

    CVSS31
    CVE-2025-47674

    Cross-Site Request Forgery (CSRF) vulnerability in Credova Financial Credova_Financial allows Cross Site Request Forgery. This issue affects Credova_Financial: from n/a through 2.5.0.... Read more

    Affected Products : financial
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47669

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap allows DOM-Based XSS. This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.... Read more

    Affected Products : cbx_map
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.9

    CVSS31
    CVE-2025-47668

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cookiecode CookieCode allows Stored XSS. This issue affects CookieCode: from n/a through 2.4.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.4

    CVSS31
    CVE-2025-47667

    Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent allows Cross Site Request Forgery. This issue affects LiveAgent: from n/a through 4.4.7.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.9

    CVSS31
    CVE-2025-47665

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bistromatic N360 | Splash Screen allows Stored XSS. This issue affects N360 | Splash Screen: from n/a through 1.0.6.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 4.4

    CVSS31
    CVE-2025-47664

    Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2.... Read more

    Affected Products : wp_pipes
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47662

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woobox Woobox allows Stored XSS. This issue affects Woobox: from n/a through 1.6.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 5.4

    CVSS31
    CVE-2025-47661

    Cross-Site Request Forgery (CSRF) vulnerability in codemstory 워드프레스 결제 심플페이 allows Cross Site Request Forgery. This issue affects 워드프레스 결제 심플페이: from n/a through 5.2.11.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025

  • 6.5

    CVSS31
    CVE-2025-47659

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements allows Stored XSS. This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through 1.0.4.... Read more

    Affected Products :
    • Published: May. 07, 2025
    • Modified: May. 08, 2025
Showing 20 of 462 Results
© cvefeed.io
Latest DB Update: May. 09, 2025 13:40