Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.9

MEDIUM

CVE-2025-62140

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.65....

Affected Products : locatoraid_store_locator
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
7.1

HIGH

CVE-2025-50053

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin & Your native, mobile iPhone App and Android App allows Reflected XSS.This issue affects Blappsta Mobile App Plugin ...

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-62117

Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through 1.1.1704....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
6.5

MEDIUM

CVE-2025-63032

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Consulting allows Stored XSS.This issue affects Consulting: from n/a through 1.5.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62991

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Minamaze allows Stored XSS.This issue affects Minamaze: from n/a through 1.10.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-62149

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaifuMak Add Custom Codes allows Stored XSS.This issue affects Add Custom Codes: from n/a through 4.80....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62744

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Steman Page Title Splitter allows Stored XSS.This issue affects Page Title Splitter: from n/a through 2.5.9....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62749

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bainternet User Specific Content allows DOM-Based XSS.This issue affects User Specific Content: from n/a through 1.0.6....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62748

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder...

Affected Products : web_and_woocommerce_addons_for_wpbakery_builder
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-49358

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ruhul Amin Content Fetcher allows DOM-Based XSS.This issue affects Content Fetcher: from n/a through 1.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62136

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Melos allows Stored XSS.This issue affects Melos: from n/a through 1.6.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62760

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-63005

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9....

Affected Products : wordpress_tooltips
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.3

MEDIUM

CVE-2025-15223

A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Impacted is an unknown function of the file /login.php. Performing manipulation of the argument Username results in cross site scripting. The attack is...

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-62119

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link allows DOM-Based XSS.This issue affects Add Featured Image Custom Link: from n/a through ...

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-62750

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filipe Seabra WooCommerce Parcelas allows DOM-Based XSS.This issue affects WooCommerce Parcelas: from n/a through 1.3.5....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62097

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOthemes SEO Slider allows DOM-Based XSS.This issue affects SEO Slider: from n/a through 1.1.1....

Affected Products : seo_slider
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62111

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webvitaly Extra Shortcodes allows Stored XSS.This issue affects Extra Shortcodes: from n/a through 2.2....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.3

MEDIUM

CVE-2025-49338

Missing Authorization vulnerability in Flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through 1.1.5....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
4.3

MEDIUM

CVE-2025-49356

Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through 1.2.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization

Showing 20 of 4098 Results

Browse by Apps

Latest CVE Feed

5.9

7.1

5.4

6.5

6.5

5.9

6.5

6.5

6.5

6.5

6.5

6.5

6.5

5.3

5.9

5.9

6.5

6.5

5.3

4.3

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable