Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2025-32691

    Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.4.... Read more

    Affected Products : powerpress
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Server-Side Request Forgery

  • 6.5

    MEDIUM
    CVE-2025-32690

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through 11.12.5.... Read more

    Affected Products : powerpress
    • Published: Apr. 09, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.6

    HIGH
    CVE-2025-32685

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 5.0

    MEDIUM
    CVE-2025-32684

    Missing Authorization vulnerability in RomanCode MapSVG Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG Lite: from n/a through 8.5.32.... Read more

    Affected Products : mapsvg_lite
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-32683

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RomanCode MapSVG Lite allows DOM-Based XSS. This issue affects MapSVG Lite: from n/a through 8.5.32.... Read more

    Affected Products : mapsvg_lite
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.9

    MEDIUM
    CVE-2025-32680

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Grade Us, Inc. Review Stream allows Stored XSS. This issue affects Review Stream: from n/a through 1.6.7.... Read more

    Affected Products : review_stream
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2025-32679

    Cross-Site Request Forgery (CSRF) vulnerability in ZealousWeb User Registration Using Contact Form 7 allows Cross Site Request Forgery. This issue affects User Registration Using Contact Form 7: from n/a through 2.2.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-32678

    Cross-Site Request Forgery (CSRF) vulnerability in Ashish Ajani WP Show Stats allows Cross Site Request Forgery. This issue affects WP Show Stats: from n/a through 1.5.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.6

    HIGH
    CVE-2025-32677

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 7.6

    HIGH
    CVE-2025-32676

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Injection

  • 6.8

    MEDIUM
    CVE-2025-32675

    Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Server-Side Request Forgery

  • 7.1

    HIGH
    CVE-2025-32673

    Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through 1.4.6.2.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-32669

    Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Stored XSS. This issue affects Mergado Pack: from n/a through 4.1.1.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-32667

    Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-32664

    Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities allows Stored XSS. This issue affects Nepali Date Utilities: from n/a through 1.0.13.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-32661

    Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map allows Stored XSS. This issue affects Interactive US Map: from n/a through 2.7.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-32659

    Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Stored XSS. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.7.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-32645

    Cross-Site Request Forgery (CSRF) vulnerability in Hiren Patel Custom Posts Order allows Stored XSS. This issue affects Custom Posts Order: from n/a through 4.4.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.1

    HIGH
    CVE-2025-32644

    Cross-Site Request Forgery (CSRF) vulnerability in ip2location IP2Location World Clock allows Stored XSS. This issue affects IP2Location World Clock: from n/a through 1.1.9.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 10.0

    CRITICAL
    CVE-2025-32642

    Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7.... Read more

    Affected Products :
    • Published: Apr. 09, 2025
    • Modified: Apr. 09, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 293508 Results