Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

6.5

MEDIUM

CVE-2025-62991

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Minamaze allows Stored XSS.This issue affects Minamaze: from n/a through 1.10.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-63032

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Consulting allows Stored XSS.This issue affects Consulting: from n/a through 1.5.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-62117

Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through 1.1.1704....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
5.9

MEDIUM

CVE-2025-49337

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janhenckens Dashboard Beacon allows Stored XSS.This issue affects Dashboard Beacon: from n/a through 1.2.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-49355

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ikaes Accessibility Press allows Stored XSS.This issue affects Accessibility Press: from n/a through 1.0.2....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-66146

Missing Authorization vulnerability in merkulove Logger for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logger for Elementor: from n/a through 1.0.9....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.9

MEDIUM

CVE-2025-62140

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plainware Locatoraid Store Locator allows Stored XSS.This issue affects Locatoraid Store Locator: from n/a through 3.9.65....

Affected Products : locatoraid_store_locator
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-62134

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.5.1....

Affected Products : contact_form_widget
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
6.5

MEDIUM

CVE-2025-62096

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Maximum Products per User for WooCommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through 4.4....

Affected Products : maximum_products_per_user_for_woocommerce
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-62144

Missing Authorization vulnerability in Mohammed Kaludi Core Web Vitals & PageSpeed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.27....

Affected Products : core_web_vitals_\&_pagespeed_booster
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-62147

Missing Authorization vulnerability in Nik Melnik Realbig allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through 1.1.3....

Affected Products : realbig
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-66144

Missing Authorization vulnerability in merkulove Worker for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for Elementor: from n/a through 1.0.10....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-63031

Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
8.5

HIGH

CVE-2025-28949

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a t...

Affected Products : mediabay_-_wordpress_media_library_folders
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Injection
6.5

MEDIUM

CVE-2025-62756

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lvaudore The Moneytizer allows DOM-Based XSS.This issue affects The Moneytizer: from n/a through 10.0.6....

Affected Products : the_moneytizer
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.3

MEDIUM

CVE-2025-62145

Missing Authorization vulnerability in NewClarity DMCA Protection Badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through 2.2.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-63016

Missing Authorization vulnerability in Quadlayers QuadLayers TikTok Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through 4.6.4....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-62079

Missing Authorization vulnerability in Damian WP Export Categories & Taxonomies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Export Categories & Taxonomies: from n/a through 1.0.3....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
8.5

HIGH

CVE-2025-30628

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows SQL Injection.This issue affects Amazon Affiliates Addon for ...

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Injection
4.3

MEDIUM

CVE-2025-62148

Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery.This issue affects Robots.Txt rewrite: from n/a through 1.6.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery

Showing 20 of 4460 Results

Browse by Apps

Latest CVE Feed

6.5

6.5

5.4

5.9

5.9

5.4

5.9

5.4

6.5

5.4

5.3

5.4

5.3

8.5

6.5

5.3

5.3

5.3

8.5

4.3

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable