Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-32369 — WordPress Medilink-Core plugin < 2.0.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This i…

| Path Traversal
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
8.5 HIGH
CVE-2026-32368 — WordPress Geo to Lat plugin <= 1.0.19 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from…

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32367 — WordPress Modal Dialog plugin <= 3.5.16 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through <=…

| Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
8.5 HIGH
CVE-2026-32366 — WordPress Collapsing Categories plugin <= 3.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affect…

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32365 — WordPress Collapsing Archives plugin <= 3.0.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Co…

| Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32364 — WordPress Turbo Manager plugin < 4.0.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in redqteam Turbo Manager turbo-manager allows PHP Local File Inclusion.This issu…

| Path Traversal
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32363 — WordPress WPLifeCycle plugin <= 3.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a thr…

| Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32362 — WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.1.3 - Broken Access Cont…

Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32361 — WordPress Editorial Calendar plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Edit…

| Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.9 MEDIUM
CVE-2026-32360 — WordPress Rich Showcase for Google Reviews plugin <= 6.9.4.3 - Cross Site Scripting (XSS)…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue a…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32359 — WordPress Icon List Block plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: fr…

| Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
7.6 HIGH
CVE-2026-32358 — WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar…

Remote | Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32357 — WordPress Simple Blog Card plugin <= 2.37 - Server Side Request Forgery (SSRF) vulnerabil…

Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery.This issue affects Simple Blog Card: from n/a through <= 2.3…

| Server-Side Request Forgery
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32356 — WordPress Robo Gallery plugin <= 5.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32355 — WordPress JetEngine plugin < 3.8.4.1 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1.

| Injection
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32354 — WordPress WpEvently plugin < 5.1.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.…

| Information Disclosure
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32353 — WordPress MailerPress plugin <= 1.4.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in MailerPress Team MailerPress mailerpress allows Server Side Request Forgery.This issue affects MailerPress: from n/a through <= 1.4.2.

| Server-Side Request Forgery
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
6.5 MEDIUM
CVE-2026-32352 — WordPress Elementor Website Builder plugin <= 3.35.5 - Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor W…

Remote | Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
0.0 NA
CVE-2026-32351 — WordPress PowerPress Podcasting plugin <= 11.15.13 - Cross Site Scripting (XSS) vulnerabi…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS.This issue affects PowerPress Podcasti…

| Cross-Site Scripting
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
5.3 MEDIUM
CVE-2026-32350 — WordPress Chocolate House theme <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpradiant Chocolate House chocolate-house allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chocolate House: from n/a t…

Remote | Authorization
Mar 13, 2026 Mar 13, 2026
Mar 13, 2026
Mar 13, 2026
Showing 20 of 5519 Results