CVE-2026-25470
— WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote C…
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion.
This issue affects ACPT (Pro) - Cust…
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-39598
— WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server.
This issue affects Academy LMS Pro: from n/a before 3.5.2.
Remote
|
Misconfiguration
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-49073
— WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection.
This issue affects Directorist Booking: fr…
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-48055
— Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction
Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle…
Remote
|
Path Traversal
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-11409
— OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access m…
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-11410
— OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N
An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrat…
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-49113
— WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Remote
|
Memory Corruption
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-49080
— WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-49057
— WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-48869
— WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
enfold
|
Remote
|
Cross-Site Scripting
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40761
— WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40760
— WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40759
— WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40758
— WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40755
— WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40754
— WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40751
— WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40739
— WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-40736
— WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
CVE-2026-39580
— WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
Remote
|
Injection
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
Jun 16, 2026
