Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
9.8 CRITICAL
CVE-2026-9691 — WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Fo…

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

Remote | Injection
Jun 15, 2026
9.6 CRITICAL
CVE-2026-52703 — WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

fastdup | Remote | Path Traversal
Jun 15, 2026
7.1 HIGH
CVE-2026-52702 — WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

Remote | Cross-Site Scripting
Jun 15, 2026
8.5 HIGH
CVE-2026-52700 — WordPress WCMultiShipping plugin <= 3.0.2 - SQL Injection vulnerability

Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.

Remote | Injection
Jun 15, 2026
7.5 HIGH
CVE-2026-52699 — WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerabi…

Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

Remote | Authorization
Jun 15, 2026
8.5 HIGH
CVE-2026-52697 — WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability

Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.

Remote | Injection
Jun 15, 2026
7.5 HIGH
CVE-2026-52695 — WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.

Remote | Information Disclosure
Jun 15, 2026
7.5 HIGH
CVE-2026-52694 — WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulner…

Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.

Remote | Information Disclosure
Jun 15, 2026
9.3 CRITICAL
CVE-2026-52693 — WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

ecommerce_product_catalog | Remote | Injection
Jun 15, 2026
7.5 HIGH
CVE-2026-52692 — WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

Remote | Information Disclosure
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49781 — WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.

Remote | Injection
Jun 15, 2026
8.8 HIGH
CVE-2026-49780 — WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

Remote | Authorization
Jun 15, 2026
9.3 CRITICAL
CVE-2026-49776 — WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translat…

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.

Remote | Injection
Jun 15, 2026
6.5 MEDIUM
CVE-2026-49775 — WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

Remote | Authorization
Jun 15, 2026
6.5 MEDIUM
CVE-2026-49773 — WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vu…

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

fv_flowplayer_video_player | Remote | Cross-Site Scripting
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49770 — WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.

Remote | Injection
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49769 — WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.

Remote | Injection
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49768 — WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.

Remote | Injection
Jun 15, 2026
9.9 CRITICAL
CVE-2026-49766 — WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

Remote | Path Traversal
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49765 — WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms p…

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.

Remote | Injection
Jun 15, 2026
Showing 20 of 6850 Results