Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.1 HIGH
CVE-2026-57422 — WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.2.0 - Reflected Cross Sit…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Refle…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57421 — WordPress CRM Perks Forms plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms crm-perks-forms allows Reflected XSS.This issue affects CRM Perks Forms…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57420 — WordPress Author Box WP Lens plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netrr Author Box WP Lens author-box-for-divi allows Stored XSS.This issue affects Author Box WP L…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57419 — WordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnera…

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57418 — WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control v…

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client I…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57417 — WordPress Cart Lift plugin <= 3.1.57 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme Cart Lift cart-lift allows Stored XSS.This issue affects Cart Lift: from n/a through <= …

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57416 — WordPress SiteGround Email Marketing plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SiteGround SiteGround Email Marketing siteground-email-marketing allows Stored XSS.This issue aff…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57415 — WordPress Gift Vouchers plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codemenschen Gift Vouchers gift-voucher allows Stored XSS.This issue affects Gift Vouchers: from …

gift_vouchers | Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57414 — WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vu…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud ChatBot for eCommerce &#8211; WoowBot woowbot-woocommerce-chatbot allows Stored XSS.…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.4 MEDIUM
CVE-2026-57413 — WordPress Instant Image Generator plugin <= 2.1.4 - Server Side Request Forgery (SSRF) vu…

Server-Side Request Forgery (SSRF) vulnerability in bdthemes Instant Image Generator ai-image allows Server Side Request Forgery.This issue affects Instant Image Generator: from n/a through <= 2.1.4.

Remote | Server-Side Request Forgery
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57412 — WordPress Gift Vouchers plugin <= 4.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a throu…

gift_vouchers | Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57411 — WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cros…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman CF7 Views &#8211; Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XS…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
8.8 HIGH
CVE-2026-57410 — WordPress MailerPress plugin <= 2.0.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through <= 2.0.2.

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57409 — WordPress Active Products Tables for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows D…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57408 — WordPress Peach Payments Gateway plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach …

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.2 HIGH
CVE-2026-57407 — WordPress PDF Generator for WordPress plugin <= 1.6.2 - Server Side Request Forgery (SSRF…

Server-Side Request Forgery (SSRF) vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Server Side Request Forgery.This issue affects PDF Generator for WordPress: from …

pdf_generator_for_wordpress | Remote | Server-Side Request Forgery
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57406 — WordPress FundEngine plugin <= 1.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor FundEngine wp-fundraising-donation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FundEngine: from n/a throug…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57405 — WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through <= 1.7.1.

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-57404 — WordPress Booking and Rental Manager plugin <= 2.6.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…

Remote | Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.1 HIGH
CVE-2026-57403 — WordPress GD Security Headers plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Security Headers gd-security-headers allows Reflected XSS.This issue affects GD…

Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
Showing 20 of 7294 Results