Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-54735

    Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP Framework allows Privilege Escalation. This issue affects CubeWP Framework: from n/a through 1.1.24.... Read more

    Affected Products : cubewp
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 9.3

    CRITICAL
    CVE-2025-54726

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-54713

    Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Authentication Abuse. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.3.0.... Read more

    Affected Products : ecab_taxi_booking_manager
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 9.1

    CRITICAL
    CVE-2025-54677

    Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a throu... Read more

    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-54670

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bobbingwide oik allows Reflected XSS. This issue affects oik: from n/a through 4.15.2.... Read more

    Affected Products : oik
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-54056

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist allows Reflected XSS. This issue affects Responsive HTML5 Audio Player PRO With Playlist: fr... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-54055

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Druco allows Reflected XSS. This issue affects Druco: from n/a through 1.5.2.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.6

    MEDIUM
    CVE-2025-54053

    Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg allows Object Injection. This issue affects Groundhogg: from n/a through 4.2.2.... Read more

    Affected Products : groundhogg
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-54052

    Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna Organic IDX plugin allows PHP Local File Inclusion. This issue affects Realtyna Organic IDX plugin: from n/a through 5.0.0.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 9.9

    CRITICAL
    CVE-2025-54049

    Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 9.3

    CRITICAL
    CVE-2025-54048

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-54046

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-54044

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Reflected XSS. This issue affects Elite Video Player: from n/a through 10.0.5.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-54040

    Missing Authorization vulnerability in Webba Appointment Booking Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 5.1.20.... Read more

    Affected Products : webba_booking
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-54034

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10.... Read more

    Affected Products : newsletters
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-54032

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 8.1

    HIGH
    CVE-2025-54031

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows PHP Local File Inclusion. This issue affects Support Board: from n/a through 3.8.0.... Read more

    Affected Products : support_board
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.5

    HIGH
    CVE-2025-54028

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team Tobias CF7 WOW Styler allows PHP Local File Inclusion. This issue affects CF7 WOW Styler: from n/a through 1.7.2.... Read more

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 7.1

    HIGH
    CVE-2025-54027

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board allows Reflected XSS. This issue affects Support Board: from n/a through 3.8.0.... Read more

    Affected Products : support_board
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025

  • 6.5

    MEDIUM
    CVE-2025-54025

    Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0.... Read more

    Affected Products : coupon_affiliates
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
Showing 20 of 290958 Results