Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-27097 — WordPress CasaMia | Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local Fi…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia all…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
7.2 HIGH
CVE-2026-24963 — WordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation.This issue affects Amelia: from n/a through <= 1.2.38.

amelia | Remote | Authorization
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
9.9 CRITICAL
CVE-2026-24960 — WordPress Charety theme < 2.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files.This issue affects Charety: from n/a through < 2.0.2.

Remote | Misconfiguration
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
7.5 HIGH
CVE-2026-24385 — WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
0.0 NA
CVE-2026-23802 — WordPress AI Engine plugin <= 3.3.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine ai-engine allows Using Malicious Files.This issue affects AI Engine: from n/a through <= 3.3.2.

ai_engine | Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-23801 — WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affec…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
0.0 NA
CVE-2026-23799 — WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.5.

tutor_lms | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.8 HIGH
CVE-2026-23798 — WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.

powerpress | Remote | Injection
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
9.8 CRITICAL
CVE-2026-23767 — Epson ESC/POS Printer Unauthenticated Network Command Injection Vulnerability

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinati…

sb-h50_firmware sb-h50 tm-h6000v_firmware tm-h6000v tm-l100_firmware tm-l100 +42 more | Remote | Authentication
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
0.0 NA
CVE-2026-23546 — WordPress Classified Listing plugin <= 5.3.4 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: fro…

classified_listing | Information Disclosure
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2026-22501 — WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
0.0 NA
CVE-2026-22497 — WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2.

| Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.5 HIGH
CVE-2026-22479 — WordPress Easy Post Submission plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Post Submiss…

Remote | Authorization
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
0.0 NA
CVE-2026-22478 — WordPress FindAll theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion.This issue affec…

| Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-22477 — WordPress Felizia theme <= 1.3.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affect…

Remote | Path Traversal
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
0.0 NA
CVE-2026-22476 — WordPress Etchy theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Etchy etchy allows PHP Local File Inclusion.This issue affects E…

| Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2026-22475 — WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
0.0 NA
CVE-2026-22474 — WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5.

| Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.8 HIGH
CVE-2026-22473 — WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7.

Remote | Injection
Mar 05, 2026 Mar 09, 2026
Mar 05, 2026
Mar 09, 2026
0.0 NA
CVE-2026-22471 — WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerabil…

Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecomm…

| Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
Showing 20 of 5033 Results