Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
4.3 MEDIUM
CVE-2026-32447 — WordPress Atarim plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a throug…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
4.3 MEDIUM
CVE-2026-32446 — WordPress Contact Form by WPForms plugin <= 1.9.9.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPFo…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
2.7 LOW
CVE-2026-32445 — WordPress Elementor Website Builder plugin <= 3.35.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Build…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32443 — WordPress Product Feed PRO for WooCommerce plugin <= 13.5.2 - Cross Site Request Forgery …

Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooCom…

Remote | Cross-Site Request Forgery
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
4.3 MEDIUM
CVE-2026-32442 — WordPress e2pdf plugin <= 1.28.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15.

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32440 — WordPress WP Food plugin < 2.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32439 — WordPress BigHearts theme <= 3.1.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.1…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32438 — WordPress VW School Education theme <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education:…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32437 — WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Portfolio vw-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Portfolio: from n/a through <= …

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32436 — WordPress VW Photography theme <= 1.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a throu…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32435 — WordPress VW Pet Shop theme <= 1.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32434 — WordPress VW Fitness theme <= 4.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through <= 4.3.4.

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
8.5 HIGH
CVE-2026-32433 — WordPress CP Contact Form with Paypal plugin <= 1.3.61 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.Thi…

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32432 — WordPress WP Time Slots Booking Form plugin <= 1.2.42 - Broken Access Control vulnerabili…

Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP T…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32431 — WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bu…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32430 — WordPress PowerPack Addons for Elementor plugin <= 2.9.9 - Cross Site Scripting (XSS) vul…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.T…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32429 — WordPress Magical Addons For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulne…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue …

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32428 — WordPress Popup Like box plugin <= 3.7.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: fro…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32427 — WordPress VW Education Lite plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from …

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
7.5 HIGH
CVE-2026-32426 — WordPress Medilazar Core plugin < 1.4.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This …

Remote | Path Traversal
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
Showing 20 of 5494 Results