Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2025-32281

    Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation. This issue affects WPKit For Elementor: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authorization

  • 7.1

    HIGH
    CVE-2025-31428

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddhaThemes HYDRO allows Reflected XSS. This issue affects HYDRO: from n/a through 2.8.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-31067

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-30992

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Puca allows PHP Local File Inclusion. This issue affects Puca: from n/a through 2.6.33.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-30972

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify allows Stored XSS. This issue affects Woocommerce Line Notify: from n/a through 1.1.7.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-28998

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net allows PHP Local File Inclusion. This issue affects SERPed.net: from n/a through 4.6.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 8.6

    HIGH
    CVE-2025-28993

    Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache allows Code Injection. This issue affects Content No Cache: from n/a through 0.1.3.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 8.1

    HIGH
    CVE-2025-28990

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky allows PHP Local File Inclusion. This issue affects SNS Vicky: from n/a through 3.7.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-28988

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aharonyan WP Front User Submit / Front Editor allows Reflected XSS. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.3.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-28970

    Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic allows Object Injection. This issue affects WP Optimize By xTraffic: from n/a through 5.1.6.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Injection

  • 7.1

    HIGH
    CVE-2025-28960

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in regibaer Evangelische Termine allows Reflected XSS. This issue affects Evangelische Termine: from n/a through 3.3.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-28956

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp allows Reflected XSS. This issue affects Backwp: from n/a through 2.0.2.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-28947

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects MBStore - Digital WooCommer... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 8.1

    HIGH
    CVE-2025-28946

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore allows PHP Local File Inclusion. This issue affects PrintXtore: from n/a through 1.7.5.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 7.1

    HIGH
    CVE-2025-27361

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google: from n/a through 0.3.2.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-25173

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FasterThemes FastBook allows Stored XSS. This issue affects FastBook: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-25171

    Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemesGrove WP SmartPay allows Authentication Abuse. This issue affects WP SmartPay: from n/a through 2.7.13.... Read more

    Affected Products : wp_smartpay
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Authentication

  • 7.1

    HIGH
    CVE-2025-24774

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows Reflected XSS. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.1

    HIGH
    CVE-2025-24769

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny allows PHP Local File Inclusion. This issue affects Zenny: from n/a through 1.7.5.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal

  • 7.7

    HIGH
    CVE-2025-24765

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RobMarsh Image Shadow allows Path Traversal. This issue affects Image Shadow: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293344 Results