Latest CVE Feed
CVE Intelligence
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Score
Vulnerability
Published
7.2
HIGH
CVE-2025-12886
— Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it possible for unau…
Remote
|
Server-Side Request Forgery
Mar 28, 2026
Apr 24, 2026
Mar 28, 2026
Apr 24, 2026
7.5
HIGH
CVE-2026-4987
— SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the crea…
Mar 28, 2026
Apr 24, 2026
Mar 28, 2026
Apr 24, 2026