Latest CVE Vulnerabilities

9.1 CRITICAL

CVE-2026-39465 — WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE)…

Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.

Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-39463 — WordPress ManageWP Worker plugin <= 4.9.31 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.3 MEDIUM

CVE-2026-39451 — WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerabili…

Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-39450 — WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.

funnelkit_automations | Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-39449 — WordPress Contact Form to Any API plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.

contact_form_to_any_api | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-39447 — WordPress Simply Schedule Appointments plugin <= 1.6.10.6 - Cross Site Scripting (XSS) vu…

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.

simply_schedule_appointments | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.3 CRITICAL

CVE-2026-39441 — WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerabi…

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.

Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-39435 — WordPress CformsII plugin <= 15.1.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.2 HIGH

CVE-2026-39434 — WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.

Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-34902 — WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vul…

Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.

woocommerce_product_table_lite woocommerce_product_table | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.8 CRITICAL

CVE-2026-34901 — WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-34900 — WordPress GiveWP plugin <= 4.14.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.

givewp | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-34898 — WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control v…

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-34892 — WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability

Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-34891 — WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure…

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.

Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-34886 — WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.

simple_membership | Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.2 HIGH

CVE-2026-27407 — WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Editor Privilege Escalation in AI Engine <= 3.4.9 versions.

ai_engine | Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

8.1 HIGH

CVE-2026-27333 — WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted dat…

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site <= 7.3.23 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-27089 — WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.8 CRITICAL

CVE-2026-27053 — WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.

Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences