CVE-2026-49085
— WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms…
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49083
— WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49082
— WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Servi…
Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49078
— WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49070
— WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49068
— WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49067
— WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49066
— WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49065
— WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulne…
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49063
— WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49061
— WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download v…
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
Remote
|
Path Traversal
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49056
— WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plu…
Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49055
— WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross S…
Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-49043
— WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerabili…
Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.
Remote
|
Cross-Site Request Forgery
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48970
— WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.
Remote
|
Authentication
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48966
— WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vul…
Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.
Remote
|
Cross-Site Scripting
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48965
— WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.
xcloner
|
Remote
|
Information Disclosure
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48964
— WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injec…
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Remote
|
Injection
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48889
— WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
CVE-2026-48887
— WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.
Remote
|
Authorization
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
