Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-22372 — WordPress Isida theme <= 1.4.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Is…

Remote | Injection
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
8.1 HIGH
CVE-2026-22371 — WordPress Gustavo theme <= 1.2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gustavo gustavo allows PHP Local File Inclusion.This issue affect…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.1 HIGH
CVE-2026-22370 — WordPress Marveland theme <= 1.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue aff…

Remote | Path Traversal
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
8.1 HIGH
CVE-2026-22369 — WordPress Ironfit theme <= 1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ironfit ironfit allows PHP Local File Inclusion.This issue affect…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.1 HIGH
CVE-2026-22368 — WordPress Redy theme <= 1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy:…

Remote | Path Traversal
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
8.1 HIGH
CVE-2026-22367 — WordPress Coworking theme <= 1.6.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue af…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.1 HIGH
CVE-2026-22366 — WordPress Jude theme <= 1.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude:…

Remote | Path Traversal
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
9.8 CRITICAL
CVE-2026-22365 — WordPress Soleng theme <= 1.0.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects S…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.1 HIGH
CVE-2026-22364 — WordPress SevenTrees theme <=1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue a…

Remote | Path Traversal
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
8.1 HIGH
CVE-2026-22363 — WordPress Rhodos theme <= 1.3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects R…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.1 HIGH
CVE-2026-22362 — WordPress Photolia theme <= 1.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affec…

Remote | Path Traversal
Feb 20, 2026 Feb 20, 2026
Feb 20, 2026
Feb 20, 2026
8.1 HIGH
CVE-2026-22361 — WordPress A-Mart theme <= 1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A…

Remote | Path Traversal
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.1 HIGH
CVE-2026-22357 — WordPress Link Whisper Free plugin <= 0.9.0 - Reflected Cross Site Scripting (XSS) vulner…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper …

link_whisper_free | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
7.5 HIGH
CVE-2026-22356 — WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue …

jetpack_crm | Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.8 HIGH
CVE-2026-22354 — WordPress Woocommerce Category Banner Management plugin <= 2.5.1 - PHP Object Injection v…

Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Ba…

Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
7.1 HIGH
CVE-2026-22352 — WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue aff…

persian_woocommerce_sms | Remote | Cross-Site Scripting
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
6.5 MEDIUM
CVE-2026-22351 — WordPress WP FullCalendar plugin <= 1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar:…

wp_fullcalendar | Remote | Authorization
Feb 20, 2026 Feb 23, 2026
Feb 20, 2026
Feb 23, 2026
6.5 MEDIUM
CVE-2026-22350 — WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.3.1 - Brok…

Missing Authorization vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Exploiting Incorrectly Configured Access Control Security Le…

Remote | Authorization
Feb 20, 2026 Feb 25, 2026
Feb 20, 2026
Feb 25, 2026
8.8 HIGH
CVE-2026-22346 — WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 -…

Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slide…

slider_responsive_slideshow | Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
8.8 HIGH
CVE-2026-22345 — WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plu…

Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects I…

image_gallery | Remote | Injection
Feb 20, 2026 Feb 24, 2026
Feb 20, 2026
Feb 24, 2026
Showing 20 of 5272 Results