Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-27385 — WordPress DesignThemes Portfolio plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vul…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affect…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27384 — WordPress W3 Total Cache plugin <= 2.9.1 - Arbitrary Code Execution vulnerability

Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total …

w3_total_cache | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-27383 — WordPress Metro theme <= 2.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Met…

| Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-27382 — WordPress Metro theme <= 2.13 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13.

| Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-27381 — WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: fro…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27379 — WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4…

social_networks_auto_poster | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-27376 — WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected C…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issu…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27375 — WordPress Gecko theme <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.

| Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.5 HIGH
CVE-2026-27374 — WordPress WooCommerce Order Details plugin <= 3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooComme…

Remote | Authorization
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27373 — WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection.This issue affects Tablesome: from n/a thr…

tablesome | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.5 HIGH
CVE-2026-27370 — WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through <= 3.5.1.

chaty | Remote | Information Disclosure
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27369 — WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6.

| Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-27367 — WordPress Musico theme <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through <= 3.2.…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27363 — WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vuln…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue af…

| Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
6.5 MEDIUM
CVE-2026-27362 — WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Broken Access Control vulnerabi…

Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP …

Remote | Authorization
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27361 — WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Broken Access Control vulnerabil…

Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…

| Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-27359 — WordPress Awa Plugins plugin <= 1.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fox-themes Awa Plugins awa-plugins allows Reflected XSS.This issue affects Awa Plugins: from n/a …

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27358 — WordPress Architecturer theme <= 3.8.8 - Reflected Cross Site Scripting (XSS) vulnerabili…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: fro…

| Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
6.5 MEDIUM
CVE-2026-27354 — WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Cross Site Scrip…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product allows Stor…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
0.0 NA
CVE-2026-27353 — WordPress Grand News | Magazine Newspaper WordPress theme <= 3.4.3 - Reflected Cross Site…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand News grandnews allows Reflected XSS.This issue affects Grand News: from n/a thro…

| Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
Showing 20 of 5070 Results