Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.5 HIGH
CVE-2026-32365 — WordPress Collapsing Archives plugin <= 3.0.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Co…

collapsing_archives | Remote | Injection
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
7.5 HIGH
CVE-2026-32364 — WordPress Turbo Manager plugin < 4.0.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion.This issu…

Remote | Path Traversal
Mar 13, 2026 Mar 17, 2026
Mar 13, 2026
Mar 17, 2026
5.3 MEDIUM
CVE-2026-32363 — WordPress WPLifeCycle plugin <= 3.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a thr…

Remote | Authorization
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
5.3 MEDIUM
CVE-2026-32362 — WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.3 - Broken Access Cont…

Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…

wp_sessions_time_monitoring_full_automatic | Remote | Authorization
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-32361 — WordPress Editorial Calendar plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Edit…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
5.9 MEDIUM
CVE-2026-32360 — WordPress Rich Showcase for Google Reviews plugin <= 6.9.4.3 - Cross Site Scripting (XSS)…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue a…

plugin_for_google_reviews | Remote | Cross-Site Scripting
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-32359 — WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: fr…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
7.6 HIGH
CVE-2026-32358 — WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar…

booking_calendar | Remote | Injection
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
6.4 MEDIUM
CVE-2026-32357 — WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerabil…

Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through <= 2.3…

simple_blog_card | Remote | Server-Side Request Forgery
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-32356 — WordPress Robo Gallery plugin <= 5.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a…

robo_gallery | Remote | Cross-Site Scripting
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
8.8 HIGH
CVE-2026-32355 — WordPress JetEngine plugin < 3.8.4.1 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.

jetengine | Remote | Injection
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
5.3 MEDIUM
CVE-2026-32354 — WordPress WpEvently plugin < 5.1.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.…

event_manager_and_tickets_selling_for_woocommerce | Remote | Information Disclosure
Mar 13, 2026 Mar 17, 2026
Mar 13, 2026
Mar 17, 2026
6.4 MEDIUM
CVE-2026-32353 — WordPress MailerPress plugin <= 1.4.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery.This issue affects MailerPress: from n/a through <= 1.4.2.

Remote | Server-Side Request Forgery
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
6.5 MEDIUM
CVE-2026-32352 — WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor W…

website_builder | Remote | Cross-Site Scripting
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
5.9 MEDIUM
CVE-2026-32351 — WordPress PowerPress Podcasting plugin <= 11.15.13 - Cross Site Scripting (XSS) vulnerabi…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS.This issue affects PowerPress Podcasti…

powerpress | Remote | Cross-Site Scripting
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
5.3 MEDIUM
CVE-2026-32350 — WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a t…

Remote | Authorization
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
4.9 MEDIUM
CVE-2026-32349 — WordPress Embed PDF Viewer plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerabi…

Server-Side Request Forgery (SSRF) vulnerability in Andy Fragen Embed PDF Viewer embed-pdf-viewer allows Server Side Request Forgery.This issue affects Embed PDF Viewer: from n/a through <= 2.4.7.

Remote | Server-Side Request Forgery
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
5.3 MEDIUM
CVE-2026-32348 — WordPress MAS Videos plugin <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through <= 1.3…

Remote | Authorization
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
5.3 MEDIUM
CVE-2026-32347 — WordPress Restaurant and Cafe theme <= 1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Restaurant and Cafe restaurant-and-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant and Cafe…

Remote | Authorization
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
5.3 MEDIUM
CVE-2026-32346 — WordPress Travel Agency theme <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Travel Agency travel-agency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Agency: from n/a through…

Remote | Authorization
Mar 13, 2026 Mar 16, 2026
Mar 13, 2026
Mar 16, 2026
Showing 20 of 5488 Results