Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.4 MEDIUM
CVE-2026-32612 — Statamic: privilege escalation via stored cross-site scripting

Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to in…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.9 MEDIUM
CVE-2026-32598 — OneUptime: Password Reset Token Logged at INFO Level

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO lo…

| Information Disclosure
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
7.5 HIGH
CVE-2026-32597 — PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array l…

Remote | Misconfiguration
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32543 — WordPress Responsive Blocks plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsi…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32487 — WordPress Lawyer Landing Page theme <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32486 — WordPress Travel Booking theme <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32462 — WordPress Master Addons for Elementor plugin <= 2.1.3 - Cross Site Scripting (XSS) vulner…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Ma…

| Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32461 — WordPress Really Simple SSL plugin <= 9.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simp…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32460 — WordPress Ultimate Addons for Contact Form 7 plugin <= 3.5.36 - Cross Site Scripting (XSS…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting …

| Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
8.5 HIGH
CVE-2026-32459 — WordPress UpsellWP plugin <= 2.2.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects Up…

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
7.6 HIGH
CVE-2026-32458 — WordPress WOLF plugin <= 1.0.8.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through …

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32457 — WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Bro…

Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access …

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
4.3 MEDIUM
CVE-2026-32456 — WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerab…

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1.

Remote | Cross-Site Request Forgery
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32455 — WordPress MDTF plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects M…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32454 — WordPress Avada Core plugin < 5.15.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a t…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32453 — WordPress Avada Core plugin < 5.15.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.1…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32452 — WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a th…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.3 MEDIUM
CVE-2026-32451 — WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a th…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32450 — WordPress Active Products Tables for WooCommerce plugin <= 1.0.7 - Cross Site Scripting (…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows D…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32449 — WordPress Themify Event Post plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Even…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
Showing 20 of 5495 Results