Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2025-54050

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Addons for Elementor allows Stored XSS. This issue affects Responsive Addons for Elementor: from n/a through 1.7.3.... Read more

    Affected Products : responsive_addons_for_elementor
    • Published: Jul. 16, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-54047

    Missing Authorization vulnerability in QuanticaLabs Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cost Calculator: from n/a through 7.4.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 7.6

    HIGH
    CVE-2025-54043

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for Amazon SES allows SQL Injection. This issue affects SMTP for Amazon SES: from n/a through 1.9.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2025-54042

    Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft WP Post Hide allows Cross Site Request Forgery. This issue affects WP Post Hide: from n/a through 1.0.9.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-54041

    Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet System for WooCommerce allows Cross Site Request Forgery. This issue affects Wallet System for WooCommerce: from n/a through 2.6.7.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-54039

    Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator allows Cross Site Request Forgery. This issue affects Animator: from n/a through 3.0.16.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-54038

    Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress allows Cross Site Request Forgery. This issue affects Restaurant Menu by MotoPress: from n/a through 2.4.6.... Read more

    Affected Products : restaurant_menu
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-54037

    Missing Authorization vulnerability in blazethemes News Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects News Kit Elementor Addons: from n/a through 1.3.4.... Read more

    Affected Products : news_kit_elementor_addons
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-54036

    Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment Booking Webba Booking allows Cross Site Request Forgery. This issue affects Webba Booking: from n/a through 5.1.20.... Read more

    Affected Products : webba_booking
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-54035

    Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through 4.10.... Read more

    Affected Products : newsletters
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-54033

    Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Builder For Elementor allows Cross Site Request Forgery. This issue affects Theme Builder For Elementor: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-54030

    Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by WesternDeal WooCommerce Google Sheet Connector allows Cross Site Request Forgery. This issue affects WooCommerce Google Sheet Connector: from n/a through 1.3.20.... Read more

    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.5

    HIGH
    CVE-2025-54026

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuanticaLabs GymBase Theme Classes allows SQL Injection. This issue affects GymBase Theme Classes: from n/a through 1.4.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-54024

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.5.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-54023

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Delicious WP Delicious allows DOM-Based XSS. This issue affects WP Delicious: from n/a through 1.8.4.... Read more

    Affected Products : wp_delicious
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-54022

    Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. This issue affects Coupon Affiliates: from n/a through 6.4.0.... Read more

    Affected Products : coupon_affiliates
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-54020

    Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for Contact Form 7 allows Cross Site Request Forgery. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.3.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-54018

    Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-Up banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM Pop-Up banners: from n/a through 1.8.4.... Read more

    Affected Products : cm_popup
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-54016

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Gilman Videopack allows DOM-Based XSS. This issue affects Videopack: from n/a through 4.10.3.... Read more

    Affected Products :
    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.6

    MEDIUM
    CVE-2025-54015

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 allows PHP Local File Inclusion. This issue affects HT Contact Form 7: from n/a through 2.0.0.... Read more

    • Published: Jul. 16, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Path Traversal
Showing 20 of 291400 Results