Latest CVE Feed
CVE Intelligence
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Score
Vulnerability
Published
6.4
MEDIUM
CVE-2026-0626
— WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_op…
The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all v…
Remote
|
Cross-Site Scripting
Apr 04, 2026
Apr 24, 2026
Apr 04, 2026
Apr 24, 2026
5.3
MEDIUM
CVE-2025-14938
— Listeo-Core - Directory Plugin by Purethemes <= 2.0.27 - Unauthenticated Arbitrary Media …
The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeo_core_handle_dropped_media" function. This is …
Remote
|
Authorization
Apr 04, 2026
Apr 24, 2026
Apr 04, 2026
Apr 24, 2026