Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-48886 — WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-48885 — WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.

hollerbox | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-48883 — WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vul…

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

wpc_product_bundles_for_woocommerce | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.5 HIGH
CVE-2026-48882 — WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

wp_time_slots_booking_form | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.1 CRITICAL
CVE-2026-48881 — WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.

truebooker | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-48880 — WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-48878 — WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-48876 — WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.5 HIGH
CVE-2026-48874 — WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-48873 — WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-48872 — WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

embedpress | Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-48871 — WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-48870 — WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulner…

Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-48868 — WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR)…

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-48867 — WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

quiz_and_survey_master | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-48838 — WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

post_smtp | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
10.0 CRITICAL
CVE-2026-48836 — WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-48835 — WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
3.7 LOW
CVE-2026-48709 — OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argu…

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any auth…

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-48708 — OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Co…

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level va…

Remote | Race Condition
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6861 Results