Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-30624

    Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4.... Read more

    Affected Products : wordlift
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-29013

    Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through 1.5.9.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-29011

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer YouTube Simple Gallery allows Stored XSS. This issue affects YouTube Simple Gallery: from n/a through 2.2.0.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-29010

    Missing Authorization vulnerability in eleopard Behance Portfolio Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.9

    MEDIUM
    CVE-2025-29008

    Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Server-Side Request Forgery

  • 5.3

    MEDIUM
    CVE-2025-29006

    Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Direct Checkout for WooCommerce Lite: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-29005

    Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-29003

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mva7 The Holiday Calendar allows Stored XSS. This issue affects The Holiday Calendar: from n/a through 1.18.2.1.... Read more

    Affected Products : the_holiday_calendar
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-28997

    Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-28996

    Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-28995

    Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-28994

    Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 5.9

    MEDIUM
    CVE-2025-28989

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.2

    HIGH
    CVE-2025-28986

    Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 5.4

    MEDIUM
    CVE-2025-28985

    Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-28984

    Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-28981

    Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-28974

    Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-28966

    Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-28964

    Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 291520 Results