Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2025-54681

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 6.5

    MEDIUM
    CVE-2025-54680

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Blogger Buzz allows Stored XSS. This issue affects Blogger Buzz: from n/a through 1.2.6.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.5

    HIGH
    CVE-2025-54679

    Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 9.3

    CRITICAL
    CVE-2025-54678

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through 3.8.15.... Read more

    Affected Products : easy_form_builder
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 6.5

    MEDIUM
    CVE-2025-54676

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPres... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 4.3

    MEDIUM
    CVE-2025-54675

    Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1.48.0.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 5.4

    MEDIUM
    CVE-2025-54674

    Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4.... Read more

    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 4.3

    MEDIUM
    CVE-2025-54673

    Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify allows Cross Site Request Forgery. This issue affects Chartify: from n/a through 3.5.3.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 4.3

    MEDIUM
    CVE-2025-54672

    Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3.... Read more

    Affected Products : photo_engine
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 4.3

    MEDIUM
    CVE-2025-54671

    Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2.... Read more

    Affected Products : oik
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 9.3

    CRITICAL
    CVE-2025-54669

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a through n/a.... Read more

    Affected Products : mapsvg
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 6.5

    MEDIUM
    CVE-2025-54668

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred allows Stored XSS. This issue affects myCred: from n/a through 2.9.4.3.... Read more

    Affected Products : mycred
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 5.3

    MEDIUM
    CVE-2025-54667

    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through 2.9.4.3.... Read more

    Affected Products : mycred
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 8.5

    HIGH
    CVE-2025-52823

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection. This issue affects Cube Portfolio: from n/a through 1.16.8.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 8.5

    HIGH
    CVE-2025-52820

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This issue affects WooCommerce Point Of Sale (POS): from n/a through 1.4.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.5

    HIGH
    CVE-2025-52806

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through 2.9.0.... Read more

    Affected Products : jobsearch_wp_job_board
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.3

    HIGH
    CVE-2025-52801

    Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through 1.4.4.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.3

    HIGH
    CVE-2025-52800

    Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.1

    HIGH
    CVE-2025-52788

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionPix: from n/a through 1.8.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025

  • 7.1

    HIGH
    CVE-2025-52785

    Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through 6.0.30.... Read more

    Affected Products :
    • Published: Aug. 14, 2025
    • Modified: Aug. 14, 2025
Showing 20 of 290955 Results