Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2025-4691

    The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to missing validation o... Read more

    • Published: May. 31, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-5375

    A vulnerability was found in PHPGurukul HPGurukul Online Birth Certificate System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/registered-users.php. The manipulation of the argument del leads to sql injection... Read more

    Affected Products : online_birth_certificate_system
    • Published: May. 31, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5374

    A vulnerability was found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. This issue affects some unknown processing of the file /admin/all-applications.php. The manipulation of the argument del leads to sql injection. The at... Read more

    Affected Products : online_birth_certificate_system
    • Published: May. 31, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5373

    A vulnerability has been found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/users-applications.php. The manipulation of the argument userid leads to sql injection.... Read more

    Affected Products : online_birth_certificate_system
    • Published: May. 31, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5371

    A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin.php. The manipulation of the argument Use... Read more

    • Published: May. 31, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Injection

  • 6.4

    MEDIUM
    CVE-2025-5290

    The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes ... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-3813

    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This ... Read more

    Affected Products : royal_elementor_addons
    • Published: May. 31, 2025
    • Modified: Jul. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5292

    The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content’ parameter in all versions up to, and inc... Read more

    Affected Products : element_pack
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-5285

    The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possib... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-4672

    The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes it possible for authenticated attackers, with Contribu... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-4631

    The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects wh... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-4607

    The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forge... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authentication

  • 6.4

    MEDIUM
    CVE-2025-4595

    The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and out... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.4

    MEDIUM
    CVE-2025-4590

    The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user ... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-4103

    The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber... Read more

    Affected Products :
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2025-5370

    A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack... Read more

    Affected Products : news_portal news_portal_project
    • Published: May. 31, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-5369

    A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launc... Read more

    Affected Products : display_username_after_login
    • Published: May. 31, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-5368

    A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql in... Read more

    Affected Products : daily_expense_tracker_system
    • Published: May. 31, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection

  • 4.7

    MEDIUM
    CVE-2025-5016

    The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escapi... Read more

    Affected Products : relevanssi
    • Published: May. 31, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-5367

    A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack ca... Read more

    • Published: May. 31, 2025
    • Modified: Jun. 03, 2025
    • Vuln Type: Injection
Showing 20 of 291794 Results