Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-25443 — WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion v…

Missing Authorization vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Exploiting Incorrectly Configured Access Con…

fraud_prevention_for_woocommerce | Remote | Authorization
Mar 19, 2026 Apr 01, 2026
Mar 19, 2026
Apr 01, 2026
7.1 HIGH
CVE-2026-25442 — WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes Kentha kentha allows Reflected XSS.This issue affects Kentha: from n/a through <= 4.…

Remote | Cross-Site Scripting
Mar 19, 2026 Apr 01, 2026
Mar 19, 2026
Apr 01, 2026
7.1 HIGH
CVE-2026-25438 — WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected C…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks allows Reflected XSS.This issue affects Gutenberg Blo…

gutenberg_blocks | Remote | Cross-Site Scripting
Mar 19, 2026 Apr 01, 2026
Mar 19, 2026
Apr 01, 2026
5.4 MEDIUM
CVE-2026-21788 — HCL Connections is vulnerable to cross-site scripting (XSS)

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executi…

connections | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
7.1 HIGH
CVE-2025-68836 — WordPress Table of Contents Creator plugin <= 1.6.4.1 - Reflected Cross Site Scripting (X…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.This issue affects Table of Contents …

Remote | Cross-Site Scripting
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
7.1 HIGH
CVE-2025-67618 — WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4.

Remote | Cross-Site Scripting
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
6.5 MEDIUM
CVE-2025-62043 — WordPress WPCasa plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1.

Remote | Cross-Site Scripting
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
9.8 CRITICAL
CVE-2025-60237 — WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0.

Remote | Injection
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
9.8 CRITICAL
CVE-2025-60233 — WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2.

Remote | Injection
Mar 19, 2026 Mar 19, 2026
Mar 19, 2026
Mar 19, 2026
7.1 HIGH
CVE-2025-53222 — WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vu…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-I…

Remote | Cross-Site Scripting
Mar 19, 2026 Apr 01, 2026
Mar 19, 2026
Apr 01, 2026
7.1 HIGH
CVE-2025-50001 — WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerab…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from …

composer | Remote | Cross-Site Scripting
Mar 19, 2026 Apr 01, 2026
Mar 19, 2026
Apr 01, 2026
6.5 MEDIUM
CVE-2025-32223 — WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerabil…

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/…

tutor_lms | Remote | Authorization
Mar 19, 2026 Apr 01, 2026
Mar 19, 2026
Apr 01, 2026
Showing 20 of 6492 Results