Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.5 HIGH
CVE-2026-32433 — WordPress CP Contact Form with Paypal plugin <= 1.3.61 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.Thi…

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32432 — WordPress WP Time Slots Booking Form plugin <= 1.2.42 - Broken Access Control vulnerabili…

Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP T…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32431 — WordPress Astra Bulk Edit plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Bulk Edit astra-bulk-edit allows DOM-Based XSS.This issue affects Astra Bu…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32430 — WordPress PowerPack Addons for Elementor plugin <= 2.9.9 - Cross Site Scripting (XSS) vul…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IdeaBox Creations PowerPack Addons for Elementor powerpack-lite-for-elementor allows Stored XSS.T…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32429 — WordPress Magical Addons For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulne…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Stored XSS.This issue …

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32428 — WordPress Popup Like box plugin <= 3.7.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: fro…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32427 — WordPress VW Education Lite plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Education Lite vw-education-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Education Lite: from …

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
7.5 HIGH
CVE-2026-32426 — WordPress Medilazar Core plugin < 1.4.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This …

Remote | Path Traversal
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32425 — WordPress Payment Gateway Pix For GiveWP plugin <= 2.2.3 - Broken Access Control vulnerab…

Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32424 — WordPress Sprout Clients plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from …

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.4 MEDIUM
CVE-2026-32423 — WordPress Admin and Site Enhancements (ASE) plugin <= 8.4.0 - Broken Access Control vulne…

Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin …

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
8.5 HIGH
CVE-2026-32422 — WordPress WP EasyCart plugin <= 5.8.13 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP Eas…

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32421 — WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a throu…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.4 MEDIUM
CVE-2026-32420 — WordPress GamiPress plugin <= 7.6.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garcia GamiPress gamipress allows Cross Site Request Forgery.This issue affects GamiPress: from n/a through <= 7.6.6.

Remote | Cross-Site Request Forgery
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.9 MEDIUM
CVE-2026-32419 — WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects L…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
7.6 HIGH
CVE-2026-32418 — WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: …

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.4 MEDIUM
CVE-2026-32417 — WordPress Pochipp plugin < 1.18.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through < 1.18.9.

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.4 MEDIUM
CVE-2026-32416 — WordPress PDF Poster plugin <= 2.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins PDF Poster pdf-poster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Poster: from n/a through <= 2.4.0.

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32415 — WordPress Squeeze plugin <= 1.7.7 - Directory Traversal vulnerability

Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.

| Path Traversal
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
7.2 HIGH
CVE-2026-32414 — WordPress Advanced Woo Labels plugin <= 2.36 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a …

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
Showing 20 of 5479 Results