Latest CVE Vulnerabilities

8.5 HIGH

CVE-2026-11410 — OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrat…

tl-wr940n | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.5 HIGH

CVE-2026-49113 — WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability

Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

Remote | Memory Corruption

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

9.3 CRITICAL

CVE-2026-49080 — WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

7.5 HIGH

CVE-2026-49057 — WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.

jobsearch | Remote | Authorization

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

7.1 HIGH

CVE-2026-48869 — WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.

enfold | Remote | Cross-Site Scripting

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40761 — WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40760 — WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40759 — WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40758 — WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40755 — WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40754 — WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40751 — WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40739 — WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-40736 — WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39580 — WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

5.5 MEDIUM

CVE-2026-39578 — WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

5.5 MEDIUM

CVE-2026-39577 — WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39568 — WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

Remote | Path Traversal

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39567 — WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

8.1 HIGH

CVE-2026-39557 — WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Remote | Injection

Jun 16, 2026 Jun 16, 2026

Jun 16, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences