Latest CVE Vulnerabilities

8.1 HIGH

CVE-2026-42411 — WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.3 CRITICAL

CVE-2026-42386 — WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerabili…

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.

order_delivery_date_for_woocommerce | Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-42384 — WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulner…

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

simply_schedule_appointments | Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.3 CRITICAL

CVE-2026-42381 — WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.

Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-42378 — WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-41556 — WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.

profilepress | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

5.8 MEDIUM

CVE-2026-40799 — WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerabil…

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.3 CRITICAL

CVE-2026-40798 — WordPress wpForo Forum plugin <= 3.0.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.

Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-40796 — WordPress WPPizza plugin <= 3.19.9 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.

Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-40795 — WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in Amelia <= 2.2 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-40794 — WordPress myCred plugin <= 3.0.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in myCred <= 3.0.3 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-40793 — WordPress Groundhogg plugin < 4.4.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.3 MEDIUM

CVE-2026-40792 — WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerabili…

Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-40791 — WordPress WP Time Slots Booking Form plugin <= 1.2.46 - Cross Site Scripting (XSS) vulner…

Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.

wp_time_slots_booking_form | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-40790 — WordPress WP SMS plugin <= 7.2.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.

wp_sms | Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-40789 — WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.

Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-40788 — WordPress ChatBot plugin <= 7.9.7 - Broken Access Control vulnerability

Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.

chatbot | Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-40787 — WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.

quiz_and_survey_master | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-40785 — WordPress AutomatorWP plugin <= 5.6.7 - Broken Authentication vulnerability

Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-40782 — WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences