Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-39598

    Path Traversal vulnerability in Quý Lê 91 Administrator Z allows Path Traversal. This issue affects Administrator Z: from n/a through 2025.03.28.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Path Traversal

  • 4.7

    MEDIUM
    CVE-2025-39597

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Arthur Yarwood Fast eBay Listings allows Phishing. This issue affects Fast eBay Listings: from n/a through 2.12.15.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-39593

    Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-39592

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite allows PHP Local File Inclusion. This issue affects Subscribe to Unlock Lite: from n/a through 1.3... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Path Traversal

  • 5.4

    MEDIUM
    CVE-2025-39591

    Missing Authorization vulnerability in WP Shuffle WP Subscription Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through 1.2.3.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-39590

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-39589

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9.... Read more

    Affected Products : essential_addons_for_elementor
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Information Disclosure

  • 6.5

    MEDIUM
    CVE-2025-39585

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit allows Stored XSS. This issue affects Travelfic Toolkit: from n/a through 1.2.1.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-39584

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.... Read more

    Affected Products : eventin
    • Published: Apr. 16, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Path Traversal

  • 6.5

    MEDIUM
    CVE-2025-39582

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access allows DOM-Based XSS. This issue affects WP Data Access: from n/a through 5.5.36.... Read more

    Affected Products : wp_data_access
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39581

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3.... Read more

    Affected Products : themify_shortcodes
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39579

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce allows DOM-Based XSS. This issue affects Membership For WooCommerce: from n/a through 2.8.0.... Read more

    Affected Products : membership_for_woocommerce
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39578

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2.... Read more

    Affected Products : responsive_blocks
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39577

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.2.... Read more

    Affected Products : propertyhive
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39576

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows Stored XSS. This issue affects WPAdverts: from n/a through 2.2.1.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39575

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa allows Stored XSS. This issue affects WPCasa: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39574

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes allows Stored XSS. This issue affects Uix Shortcodes: from n/a through 2.0.4.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39573

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.10.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2025-39572

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Checkout for PayPal allows Stored XSS. This issue affects Checkout for PayPal: from n/a through 1.0.38.... Read more

    Affected Products : checkout_for_paypal
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-39571

    Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4.... Read more

    Affected Products : wowstore
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization
Showing 20 of 293527 Results