Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-34898 — WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control v…

Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-34892 — WordPress Rank Math SEO plugin <= 1.0.271 - Broken Access Control vulnerability

Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-34891 — WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure…

Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-34886 — WordPress Simple Membership plugin <= 4.7.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.2 HIGH
CVE-2026-27407 — WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

Editor Privilege Escalation in AI Engine <= 3.4.9 versions.

ai_engine | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.1 HIGH
CVE-2026-27333 — WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted dat…

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site <= 7.3.23 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-27089 — WordPress WpTravelly plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-27053 — WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
5.3 MEDIUM
CVE-2026-25440 — WordPress Essential Addons for Elementor plugin < 6.6.0 - Broken Access Control vulnerabi…

Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.

essential_addons_for_elementor | Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-25425 — WordPress User Registration plugin <= 5.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.5 HIGH
CVE-2026-24637 — WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability

Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-23970 — WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vul…

Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-9691 — WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Fo…

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2025-69332 — WordPress Bookify plugin <= 1.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bookify <= 1.1.1 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2025-68872 — WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected C…

Unauthenticated Cross Site Scripting (XSS) in Eli&#039;s WordCents adSense Widget with Analytics <= 1.3.03.27 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2025-68851 — WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2025-68840 — WordPress iRobots.txt SEO plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerab…

Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.3 MEDIUM
CVE-2025-68049 — WordPress bunny.net plugin <= 2.3.6 - Broken Access Control vulnerability

Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
4.4 MEDIUM
CVE-2025-60175 — WordPress PopAd Plugin <= 1.0.4 - Server Side Request Forgery (SSRF) Vulnerability

Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.

Remote | Server-Side Request Forgery
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2025-59133 — WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulne…

Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6850 Results