Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

7.1

HIGH

CVE-2025-23719

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zckevin ZhinaTwitterWidget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through 1.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-66151

Missing Authorization vulnerability in merkulove Countdowner for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Countdowner for Elementor: from n/a through 1.0.4....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
4.3

MEDIUM

CVE-2025-62133

Cross-Site Request Forgery (CSRF) vulnerability in Manidoraisamy FormFacade allows Cross Site Request Forgery.This issue affects FormFacade: from n/a through 1.4.1....

Affected Products : formfacade
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
5.3

MEDIUM

CVE-2025-63001

Missing Authorization vulnerability in nicdark Hotel Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through 3.8....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-62091

Missing Authorization vulnerability in Vollstart Serial Codes Generator and Validator with WooCommerce Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serial Codes Generator and Validator with WooCommerce...

Affected Products : serial_codes_generator_and_validator_with_woocommerce_support
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-62108

Missing Authorization vulnerability in SaifuMak Add Custom Codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through 4.80....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-62120

Cross-Site Request Forgery (CSRF) vulnerability in Rick Beckman OpenHook allows Cross Site Request Forgery.This issue affects OpenHook: from n/a through 4.3.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
6.5

MEDIUM

CVE-2025-62758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8....

Affected Products : funnelforms_free
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-63000

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP for church Sermon Manager allows Stored XSS.This issue affects Sermon Manager: from n/a through 2.30.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62742

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Curator.Io allows Stored XSS.This issue affects Curator.Io: from n/a through 1.9.5....

Affected Products : curator.io
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-63005

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9....

Affected Products : wordpress_tooltips
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62125

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Gangrade Custom Background Changer custom-background-changer allows Stored XSS.This issue affects Custom Background Changer: from n/a through 3.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62118

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kcseopro AdWords Conversion Tracking Code allows Stored XSS.This issue affects AdWords Conversion Tracking Code: from n/a through 1.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-62888

Missing Authorization vulnerability in Marco Milesi WP Attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through 5.2....

Affected Products : wp_attachments
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.9

MEDIUM

CVE-2025-62140

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.65....

Affected Products : locatoraid_store_locator
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-62134

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1....

Affected Products : contact_form_widget
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
6.5

MEDIUM

CVE-2025-62096

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Maximum Products per User for WooCommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through 4.4....

Affected Products : maximum_products_per_user_for_woocommerce
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-62144

Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.27....

Affected Products : core_web_vitals_\&_pagespeed_booster
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-63031

Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-62122

Missing Authorization vulnerability in Solwininfotech Trash Duplicate and 301 Redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through 1.9.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization

Showing 20 of 4502 Results

Browse by Apps

Latest CVE Feed

7.1

5.4

4.3

5.3

5.4

5.4

5.4

6.5

6.5

6.5

6.5

6.5

6.5

5.4

5.9

5.4

6.5

5.4

5.3

5.3

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable