Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-49071 — WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.

woocommerce_dropshipping | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49058 — WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-48967 — WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability

Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-48875 — WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-45436 — WordPress WPBakery Page Builder plugin <= 8.7.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-42629 — WordPress PowerPack Pro for Elementor plugin < v2.13.0 - Broken Authentication vulnerabil…

Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-42385 — WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-42380 — WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-41557 — WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40783 — WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerabil…

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.3 HIGH
CVE-2026-40768 — WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (ID…

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-40765 — WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40753 — WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40749 — WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40748 — WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40747 — WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40746 — WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40735 — WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Reina <= 2.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40731 — WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.2 HIGH
CVE-2026-40726 — WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7615 Results