Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
8.1 HIGH
CVE-2026-27336 — WordPress Consultor | Consulting, Accounting & Legal Counsel WordPress Theme theme <= 1.2…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Consultor | Consulting, Accounting & Legal Counsel WordPress Them…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
8.1 HIGH
CVE-2026-27335 — WordPress Ekoterra - NonProfit, Green Energy & Ecology Theme theme <= 1.0.0 - Local File …

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allow…

Remote | Injection
Mar 05, 2026 Mar 09, 2026
8.1 HIGH
CVE-2026-27334 — WordPress Alchemists theme <= 4.6.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dan_fisher Alchemists alchemists allows PHP Local File Inclusion. This issue af…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
7.1 HIGH
CVE-2026-27332 — WordPress Agrofood theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Agrofood agrofood allows Reflected XSS. This issue affects Agrofood: from n/a through <= …

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 09, 2026
8.1 HIGH
CVE-2026-27326 — WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <=…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress T…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
8.1 HIGH
CVE-2026-27098 — WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of …

Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection. This issue affects Au Pair Agency - Babysitting & Nann…

Remote | Injection
Mar 05, 2026 Mar 09, 2026
8.1 HIGH
CVE-2026-27097 — WordPress CasaMia | Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local Fi…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia all…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
7.2 HIGH
CVE-2026-24963 — WordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation. This issue affects Amelia: from n/a through <= 1.2.38.

amelia | Remote | Authorization
Mar 05, 2026 Mar 09, 2026
9.9 CRITICAL
CVE-2026-24960 — WordPress Charety theme < 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files. This issue affects Charety: from n/a through < 2.0.2.

Remote | Misconfiguration
Mar 05, 2026 Mar 09, 2026
7.5 HIGH
CVE-2026-24385 — WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection. This issue affects Podlove Web Player: from n/a through <= 5.9.1.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
9.1 CRITICAL
CVE-2026-23802 — WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files. This issue affects AI Engine: from n/a through <= 3.3.2.

ai_engine | Remote | Misconfiguration
Mar 05, 2026 Mar 09, 2026
8.1 HIGH
CVE-2026-23801 — WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion. This issue affec…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
6.5 MEDIUM
CVE-2026-23799 — WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.5.

tutor_lms | Remote | Authorization
Mar 05, 2026 Mar 09, 2026
8.8 HIGH
CVE-2026-23798 — WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection. This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.

powerpress | Remote | Injection
Mar 05, 2026 Mar 09, 2026
9.8 CRITICAL
CVE-2026-23767 — Epson ESC/POS Printer Unauthenticated Network Command Injection Vulnerability

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinati…

Mar 05, 2026 Mar 09, 2026
6.5 MEDIUM
CVE-2026-23546 — WordPress Classified Listing plugin <= 5.3.4 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data. This issue affects Classified Listing: fro…

classified_listing | Remote | Information Disclosure
Mar 05, 2026 Mar 09, 2026
9.8 CRITICAL
CVE-2026-22501 — WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection. This issue affects Mounthood: from n/a through <= 1.3.2.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
9.8 CRITICAL
CVE-2026-22497 — WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection. This issue affects Jardi: from n/a through <= 1.7.2.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
7.5 HIGH
CVE-2026-22479 — WordPress Easy Post Submission plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Post Submiss…

Remote | Authorization
Mar 05, 2026 Mar 09, 2026
0.0 NA
CVE-2026-22478 — WordPress FindAll theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion. This issue affec…

| Path Traversal
Mar 05, 2026 Mar 05, 2026
Showing 20 of 5055 Results