Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

5.4

MEDIUM

CVE-2025-66154

Missing Authorization vulnerability in merkulove Couponer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Couponer for Elementor: from n/a through 1.1.7....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
4.3

MEDIUM

CVE-2025-62148

Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.Txt rewrite allows Cross Site Request Forgery.This issue affects Robots.Txt rewrite: from n/a through 1.6.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Request Forgery
4.3

MEDIUM

CVE-2025-62154

Missing Authorization vulnerability in Recorp AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Content Writing Assistant (Conte...

Affected Products : ai_content_writing_assistant
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-62098

Missing Authorization vulnerability in Totalsoft Portfolio Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery: from n/a through 1.4.8....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-49349

Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through 3.0.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.4

MEDIUM

CVE-2025-66155

Missing Authorization vulnerability in merkulove Questionar for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Questionar for Elementor: from n/a through 1.1.7....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
5.3

MEDIUM

CVE-2025-63031

Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
6.1

MEDIUM

CVE-2021-47743

COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into these cookie value...

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62095

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neilgee Bootstrap Modals allows Stored XSS.This issue affects Bootstrap Modals: from n/a through 1.3.2....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-63020

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through 1.9.73....

Affected Products : postie
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-62888

Missing Authorization vulnerability in Marco Milesi WP Attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through 5.2....

Affected Products : wp_attachments
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
7.1

HIGH

CVE-2025-52739

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-63032

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Consulting allows Stored XSS.This issue affects Consulting: from n/a through 1.5.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62991

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThinkUpThemes Minamaze allows Stored XSS.This issue affects Minamaze: from n/a through 1.10.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.9

MEDIUM

CVE-2025-62149

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaifuMak Add Custom Codes allows Stored XSS.This issue affects Add Custom Codes: from n/a through 4.80....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62742

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Curator.Io allows Stored XSS.This issue affects Curator.Io: from n/a through 1.9.5....

Affected Products : curator.io
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
5.4

MEDIUM

CVE-2025-66145

Missing Authorization vulnerability in merkulove Worker for WPBakery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Worker for WPBakery: from n/a through 1.1.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Authorization
6.5

MEDIUM

CVE-2025-62759

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Series allows Stored XSS.This issue affects Series: from n/a through 2.0.1....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-62758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8....

Affected Products : funnelforms_free
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting
6.5

MEDIUM

CVE-2025-63000

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP for church Sermon Manager allows Stored XSS.This issue affects Sermon Manager: from n/a through 2.30.0....

Affected Products :
Published: Dec. 31, 2025

Modified: Dec. 31, 2025

Vuln Type: Cross-Site Scripting

Showing 20 of 3998 Results

Browse by Apps

Latest CVE Feed

5.4

4.3

4.3

5.4

5.3

5.4

5.3

6.1

6.5

6.5

5.4

7.1

6.5

6.5

5.9

6.5

5.4

6.5

6.5

6.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable