Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-40754 — WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40751 — WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40739 — WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-40736 — WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39580 — WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39578 — WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39577 — WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39568 — WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39567 — WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39557 — WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39554 — WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39549 — WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
7.1 HIGH
CVE-2026-39548 — WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.

Remote | Cross-Site Scripting
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39547 — WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Getaway < 1.8 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39539 — WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.8 CRITICAL
CVE-2026-39529 — WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39522 — WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Solene <= 3.4 versions.

Remote | Path Traversal
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39446 — WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
8.1 HIGH
CVE-2026-39443 — WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
9.3 CRITICAL
CVE-2026-39438 — WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.

Remote | Injection
Jun 16, 2026 Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Showing 20 of 7351 Results