Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-9514 — Totolink CA750-PoE Setting cstecgi.cgi setNetworkDiag os command injection

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation …

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
5.4 MEDIUM
CVE-2026-32389 — WordPress NanoCare theme < 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Linethemes NanoCare allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NanoCare: from n/a before 1.2.2.

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.5 MEDIUM
CVE-2026-42763 — WordPress SePay Gateway plugin <= 1.1.20 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve Embedded Sensitive Data. This issue affects SePay Gateway: from n/a through 1.1.20.

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
9.3 CRITICAL
CVE-2026-42773 — WordPress eMagicOne Store Manager plugin <= 1.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eMagicOne eMagicOne Store Manager allows Blind SQL Injection. This issue affects eMagicOne Store…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
9.3 CRITICAL
CVE-2026-42774 — WordPress JetEngine plugin <= 3.8.8.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crocoblock JetEngine allows SQL Injection. This issue affects JetEngine: from n/a through 3.8.8.…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.3 MEDIUM
CVE-2026-42776 — WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a throu…

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
7.5 HIGH
CVE-2026-45209 — WordPress MyCryptoCheckout plugin <= 2.161 - Broken Access Control vulnerability

Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a throug…

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.8 HIGH
CVE-2026-45216 — WordPress Smart Manager plugin <= 8.85.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0.

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9513 — Totolink CA750-PoE Setting cstecgi.cgi NTPSyncWithHost os command injection

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulat…

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.5 MEDIUM
CVE-2026-45217 — WordPress Stripe Payment Gateway for WooCommerce plugin <= 5.0.7 - Broken Authentication …

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe Payment Gateway for WooCommerce allows Password Recovery Exploitation. This issue affects Stripe Payment Ga…

Remote | Authentication
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
6.5 MEDIUM
CVE-2026-45435 — WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a thr…

Remote | Cross-Site Scripting
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
7.5 HIGH
CVE-2026-45438 — WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerabil…

Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommer…

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
7.1 HIGH
CVE-2026-39436 — WordPress CformsII plugin <= 15.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cross Site Request Forgery. This issue affects CformsII: from n/a through 15.1.3.

Remote | Cross-Site Request Forgery
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9512 — Totolink CA750-PoE Setting cstecgi.cgi setPasswordCfg os command injection

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performin…

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
7.2 HIGH
CVE-2026-24937 — WordPress Broadcast Live Video plugin < 7.1.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in VideoWhisper.Com Broadcast Live Video allows Code Injection. This issue affects Broadcast Live Video: from n/a before 7.1.3.

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
8.5 HIGH
CVE-2026-48837 — WordPress Unlimited Elements For Elementor plugin <= 2.0.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elemen…

Remote | Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
0.0 NA
CVE-2026-9511 — Totolink CA750-PoE Setting cstecgi.cgi setWebWlanIdx os command injection

A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argu…

| Injection
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
5.3 MEDIUM
CVE-2026-27357 — WordPress WP Search Analytics plugin < 1.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cornel Raiu WP Search Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Search Analytics: from n/a befor…

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
5.3 MEDIUM
CVE-2026-27398 — WordPress RSVP and Event Management plugin <= 2.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill RSVP and Event Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSVP and Event Management: from …

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
4.9 MEDIUM
CVE-2026-27346 — WordPress B2BKing plugin < 5.2.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.

Remote | Authorization
May 25, 2026 May 25, 2026
May 25, 2026
May 25, 2026
Showing 20 of 5861 Results