Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.4 MEDIUM
CVE-2026-25428 — WordPress TS Poll plugin <= 2.5.5 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll poll-wp allows Server Side Request Forgery.This issue affects TS Poll: from n/a through <= 2.5.5.

Remote | Server-Side Request Forgery
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
3.8 LOW
CVE-2026-25423 — WordPress Real 3D FlipBook plugin <= 4.16.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real 3…

real3d_flipbook | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
5.4 MEDIUM
CVE-2026-25422 — WordPress Popularis Extra plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) vulnerabil…

Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Extra popularis-extra allows Cross Site Request Forgery.This issue affects Popularis Extra: from n/a through <= 1.2.10.

popularis_extra | Remote | Cross-Site Request Forgery
Feb 19, 2026 Feb 27, 2026
Feb 19, 2026
Feb 27, 2026
4.3 MEDIUM
CVE-2026-25420 — WordPress MailerLite plugin <= 1.7.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailerLite: f…

mailerlite | Remote | Authorization
Feb 19, 2026 Feb 20, 2026
Feb 19, 2026
Feb 20, 2026
4.3 MEDIUM
CVE-2026-25419 — WordPress UpsellWP plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a t…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
7.6 HIGH
CVE-2026-25418 — WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bitpressadmin Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a throug…

Remote | Injection
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25416 — WordPress News Kit Elementor Addons plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News …

news_kit_elementor_addons | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
5.3 MEDIUM
CVE-2026-25415 — WordPress WPBookit Pro plugin <= 1.6.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPBookit Pro: from n/a through…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25411 — WordPress Revision Manager TMC plugin <= 2.8.22 - Cross Site Request Forgery (CSRF) vulne…

Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revision Manager TMC revision-manager-tmc allows Cross Site Request Forgery.This issue affects Revision Manager TMC: from n/a through <…

revision_manager_tmc | Remote | Cross-Site Request Forgery
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25410 — WordPress WP-CORS plugin <= 0.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in tstephenson WP-CORS wp-cors allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CORS: from n/a through <= 0.2.2.

wp-cors | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25409 — WordPress JAMstack Deployments plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in crgeary JAMstack Deployments wp-jamstack-deployments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JAMstack Deploym…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
5.3 MEDIUM
CVE-2026-25408 — WordPress Broken Link Notifier plugin <= 1.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in PluginRx Broken Link Notifier broken-link-notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Notifi…

broken_link_notifier | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25407 — WordPress Cookiebot plugin <= 4.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cookiebot: from n/a through <= 4.6.4.

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
5.3 MEDIUM
CVE-2026-25404 — WordPress WP Job Manager plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a thr…

Remote | Authorization
Feb 19, 2026 Feb 24, 2026
Feb 19, 2026
Feb 24, 2026
4.3 MEDIUM
CVE-2026-25402 — WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - …

Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Level…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25399 — WordPress Serious Slider plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in CryoutCreations Serious Slider cryout-serious-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Serious Slider: …

serious_slider | Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25395 — WordPress Business Roy theme <= 1.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in ikreatethemes Business Roy business-roy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Roy: from n/a throug…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25394 — WordPress Fitness FSE theme <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in sparklewpthemes Fitness FSE fitness-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fitness FSE: from n/a through…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.3 MEDIUM
CVE-2026-25393 — WordPress Hello FSE theme <= 1.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.…

Remote | Authorization
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
4.7 MEDIUM
CVE-2026-25392 — WordPress Update URLs – Quick and Easy way to search old links and replace them with new …

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs &#8211; Quick and Easy way to search old links and replace them with new links in WordPress update-urls a…

Remote | Misconfiguration
Feb 19, 2026 Feb 19, 2026
Feb 19, 2026
Feb 19, 2026
Showing 20 of 5066 Results