Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-39429

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo allows PHP Local File Inclusion. This issue affects Széchenyi 2020 Logo: from n/a through 1.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Path Traversal

  • 5.9

    MEDIUM
    CVE-2025-39428

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders allows Stored XSS. This issue affects Gravity Forms CSS Themes with Fontawesome ... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-39427

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beth Tucker Long WP Post to PDF Enhanced allows Stored XSS. This issue affects WP Post to PDF Enhanced: from n/a through 1.1.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-39426

    Cross-Site Request Forgery (CSRF) vulnerability in illow illow – Cookies Consent allows Cross Site Request Forgery. This issue affects illow – Cookies Consent: from n/a through 0.2.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-39425

    Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager allows Cross Site Request Forgery. This issue affects Style Manager: from n/a through 2.2.7.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025

  • 7.1

    HIGH
    CVE-2025-39424

    Cross-Site Request Forgery (CSRF) vulnerability in simplemaps Simple Maps allows Stored XSS. This issue affects Simple Maps: from n/a through 0.98.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39423

    Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header allows Stored XSS. This issue affects Add to Header: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39422

    Cross-Site Request Forgery (CSRF) vulnerability in PResponsive WP Social Bookmarking allows Stored XSS. This issue affects WP Social Bookmarking: from n/a through 3.6.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39421

    Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through 2.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39420

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ruudkok WP Twitter Button allows Stored XSS. This issue affects WP Twitter Button: from n/a through 1.4.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-39419

    Cross-Site Request Forgery (CSRF) vulnerability in David Miller Revision Diet allows Stored XSS. This issue affects Revision Diet: from n/a through 1.0.1.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39418

    Cross-Site Request Forgery (CSRF) vulnerability in ajayver RSS Manager allows Stored XSS. This issue affects RSS Manager: from n/a through 0.06.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39417

    Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n/a through 2.0.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39416

    Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39415

    Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links allows Stored XSS. This issue affects Social Media Links: from n/a through 1.0.3.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-39414

    Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper allows Stored XSS. This issue affects spam-stopper: from n/a through 3.1.3.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-32686

    Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0.... Read more

    Affected Products : team_members
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025

  • 9.9

    CRITICAL
    CVE-2025-32682

    Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34.... Read more

    Affected Products : mapsvg_lite
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Misconfiguration

  • 7.1

    HIGH
    CVE-2025-32674

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Product Excel Import Export & Bulk Edit for WooCommerce allows Reflected XSS. This issue affects Product Excel Import Export & Bulk Edit for Wo... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.1

    HIGH
    CVE-2025-32670

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF Failed Submissions allows Reflected XSS. This issue affects Spark GF Failed Submissions: from n/a through 1.3.5.... Read more

    Affected Products :
    • Published: Apr. 17, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293591 Results