Latest CVE Vulnerabilities

6.5 MEDIUM

CVE-2026-42662 — WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability

Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

8.8 HIGH

CVE-2026-42661 — WordPress WP Customer Area plugin <= 8.3.4 - Path Traversal vulnerability

Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.

Remote | Path Traversal

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-42660 — WordPress Contest Gallery plugin <= 28.1.7 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versions.

Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-42659 — WordPress Advanced Form Integration plugin <= 1.126.12 - Broken Access Control vulnerabil…

Subscriber Broken Access Control in Advanced Form Integration <= 1.126.12 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-42658 — WordPress Classified Listing plugin <= 5.3.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-42657 — WordPress Contest Gallery plugin <= 28.1.7 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-42656 — WordPress Contest Gallery plugin <= 28.1.6 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-42655 — WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability

Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.3 MEDIUM

CVE-2026-42651 — WordPress Classified Listing plugin <= 5.3.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Classified Listing <= 5.3.9 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.2 HIGH

CVE-2026-42650 — WordPress AutomatorWP plugin <= 5.6.7 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-42649 — WordPress Favicon Rotator plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-42640 — WordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.3 CRITICAL

CVE-2026-42639 — WordPress GD Rating System plugin <= 3.6.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.

gd_rating_system | Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

8.1 HIGH

CVE-2026-42411 — WordPress CloudSecure WP Security plugin <= 1.4.7 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in CloudSecure WP Security <= 1.4.7 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.3 CRITICAL

CVE-2026-42386 — WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerabili…

Unauthenticated SQL Injection in Order Delivery Date for WooCommerce <= 4.5.1 versions.

order_delivery_date_for_woocommerce | Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-42384 — WordPress Simply Schedule Appointments plugin < 1.6.11.2 - Sensitive Data Exposure vulner…

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments < 1.6.11.2 versions.

simply_schedule_appointments | Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.3 CRITICAL

CVE-2026-42381 — WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.

Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-42378 — WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability

Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-41556 — WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.

profilepress | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

5.8 MEDIUM

CVE-2026-40799 — WordPress Simple Cloudflare Turnstile plugin <= 1.38.0 - Broken Authentication vulnerabil…

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences