Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.1

    HIGH
    CVE-2025-39424

    Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39423

    Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS. This issue affects Add to Header: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39422

    Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking allows Stored XSS. This issue affects WP Social Bookmarking: from n/a through 3.6.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39421

    Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through 2.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39420

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ruudkok WP Twitter Button allows Stored XSS. This issue affects WP Twitter Button: from n/a through 1.4.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-39419

    Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet allows Stored XSS. This issue affects Revision Diet: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39418

    Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS. This issue affects RSS Manager: from n/a through 0.06.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39417

    Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39416

    Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39415

    Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39414

    Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-32686

    Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0.... Read more

    Affected Products : team_members
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025

  • 9.9

    CRITICAL
    CVE-2025-32682

    Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34.... Read more

    Affected Products : mapsvg_lite
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-32674

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce allows Reflected XSS. This issue affects Product Excel Import Export & Bulk Edit for Wo... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32670

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions allows Reflected XSS. This issue affects Spark GF Failed Submissions: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32666

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hive Support Hive Support allows Reflected XSS. This issue affects Hive Support: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.3

    CRITICAL
    CVE-2025-32665

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebbyTemplate Office Locator allows SQL Injection. This issue affects Office Locator: from n/a through 1.3.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-32662

    Deserialization of Untrusted Data vulnerability in Stylemix uListing allows Object Injection. This issue affects uListing: from n/a through 2.2.0.... Read more

    Affected Products : ulisting
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-32660

    Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.... Read more

    Affected Products : js_job_manager
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-32658

    Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Injection
Showing 20 of 293566 Results