Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-40781 — WordPress ReviewX plugin <= 2.3.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.7 HIGH
CVE-2026-40779 — WordPress Link Library plugin <= 7.8.8 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-40776 — WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.3 HIGH
CVE-2026-40775 — WordPress Royal MCP plugin <= 1.4.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-40774 — WordPress Booking Package plugin <= 1.7.06 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.

booking_package | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-40773 — WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.7.9 - Broken Access C…

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress <= 4.7.9 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
10.0 CRITICAL
CVE-2026-40772 — WordPress GeekyBot plugin <= 1.2.2 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.

Remote | Misconfiguration
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-40771 — WordPress Contest Gallery plugin <= 28.1.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-40770 — WordPress Coupon Affiliates plugin <= 7.5.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.

coupon_affiliates | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.6 HIGH
CVE-2026-40769 — WordPress Contact Form Extender for Divi – Save Entries, File Upload & Country Code Field…

Unauthenticated Arbitrary File Deletion in Contact Form Extender for Divi &#8211; Save Entries, File Upload &amp; Country Code Field <= 1.0.6 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-40767 — WordPress wpForo Forum plugin < 3.0.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.5 HIGH
CVE-2026-40766 — WordPress MasterStudy LMS plugin <= 3.7.25 - SQL Injection vulnerability

Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.

masterstudy_lms | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-40762 — WordPress WPGraphQL plugin < 2.11.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-40743 — WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.

tutor_lms | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-40741 — WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerabil…

Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-40732 — WordPress Notification for Telegram plugin <= 3.5 - Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.7 HIGH
CVE-2026-40727 — WordPress Groundhogg plugin <= 4.4 - Arbitrary File Deletion vulnerability

Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.4 MEDIUM
CVE-2026-39594 — WordPress Ultra Addons for WPForms plugin <= 1.0.11 - Broken Access Control vulnerability

Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.9 CRITICAL
CVE-2026-39591 — WordPress WP-BusinessDirectory plugin <= 4.0.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.

Remote | Misconfiguration
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.1 HIGH
CVE-2026-39587 — WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6850 Results