Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
9.1 CRITICAL
CVE-2026-23802 — WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files. This issue affects AI Engine: from n/a through <= 3.3.2.

ai_engine | Remote | Misconfiguration
Mar 05, 2026 Mar 09, 2026
8.1 HIGH
CVE-2026-23801 — WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion. This issue affec…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
6.5 MEDIUM
CVE-2026-23799 — WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.5.

tutor_lms | Remote | Authorization
Mar 05, 2026 Mar 09, 2026
8.8 HIGH
CVE-2026-23798 — WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection. This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.

powerpress | Remote | Injection
Mar 05, 2026 Mar 09, 2026
9.8 CRITICAL
CVE-2026-23767 — Epson ESC/POS Printer Unauthenticated Network Command Injection Vulnerability

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinati…

Mar 05, 2026 Mar 09, 2026
6.5 MEDIUM
CVE-2026-23546 — WordPress Classified Listing plugin <= 5.3.4 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data. This issue affects Classified Listing: fro…

classified_listing | Remote | Information Disclosure
Mar 05, 2026 Mar 09, 2026
9.8 CRITICAL
CVE-2026-22501 — WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection. This issue affects Mounthood: from n/a through <= 1.3.2.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
9.8 CRITICAL
CVE-2026-22497 — WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection. This issue affects Jardi: from n/a through <= 1.7.2.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
7.5 HIGH
CVE-2026-22479 — WordPress Easy Post Submission plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Post Submiss…

Remote | Authorization
Mar 05, 2026 Mar 09, 2026
0.0 NA
CVE-2026-22478 — WordPress FindAll theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion. This issue affec…

Path Traversal
Mar 05, 2026 Mar 05, 2026
8.1 HIGH
CVE-2026-22477 — WordPress Felizia theme <= 1.3.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion. This issue affect…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
0.0 NA
CVE-2026-22476 — WordPress Etchy theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Etchy etchy allows PHP Local File Inclusion. This issue affects E…

Path Traversal
Mar 05, 2026 Mar 05, 2026
9.8 CRITICAL
CVE-2026-22475 — WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection. This issue affects Estate: from n/a through <= 1.3.4.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
9.8 CRITICAL
CVE-2026-22474 — WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection. This issue affects Equestrian Centre: from n/a through <= 1.5.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
8.8 HIGH
CVE-2026-22473 — WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection. This issue affects Dental Clinic: from n/a through <= 3.7.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
0.0 NA
CVE-2026-22471 — WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerabil…

Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection. This issue affects Secudeal Payments for Ecomm…

Injection
Mar 05, 2026 Mar 05, 2026
7.1 HIGH
CVE-2026-22467 — WordPress DeepDigital theme <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mwtemplates DeepDigital deepdigital allows Reflected XSS. This issue affects DeepDigital: from n/a…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 09, 2026
0.0 NA
CVE-2026-22465 — WordPress BuddyApp theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen BuddyApp buddyapp allows Reflected XSS. This issue affects BuddyApp: from n/a through…

Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
8.6 HIGH
CVE-2026-22460 — WordPress FormGent plugin <= 1.4.2 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal. This issue affects FormGent: from n/a through <= 1.4.2.

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
6.5 MEDIUM
CVE-2026-22459 — WordPress WordPress CTA plugin <= 1.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress CTA: from n/a…

Remote | Authorization
Mar 05, 2026 Mar 09, 2026
Showing 20 of 5065 Results