Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-52693 — WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions.

ecommerce_product_catalog | Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-52692 — WordPress Affiliates Manager plugin <= 2.9.50 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.50 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49781 — WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-49780 — WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-49776 — WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translat…

Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-49775 — WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-49773 — WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vu…

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.

fv_flowplayer_video_player | Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49770 — WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49769 — WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49768 — WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.9 CRITICAL
CVE-2026-49766 — WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49765 — WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms p…

Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49764 — WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.

registrationmagic | Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49763 — WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection v…

Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49112 — WordPress Shared Files plugin <= 1.7.64 - Path Traversal vulnerability

Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.

shared_files | Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49110 — WordPress Upsell Order Bump Offer for WooCommerce plugin <= 3.1.4 - Price Manipulation vu…

Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49109 — WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, …

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49106 — WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Objec…

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49105 — WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms p…

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49104 — WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formi…

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6861 Results