Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-42385 — WordPress Profile Builder Pro plugin <= 3.15.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-42380 — WordPress AI Lab theme < 5.4.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-41557 — WordPress Kapee theme < 1.7.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40783 — WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerabil…

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.3 HIGH
CVE-2026-40768 — WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (ID…

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-40765 — WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40753 — WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40749 — WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40748 — WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40747 — WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-40746 — WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40735 — WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Reina <= 2.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40731 — WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.2 HIGH
CVE-2026-40726 — WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-40725 — WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-40724 — WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2026-40723 — WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-40721 — WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-39597 — WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (X…

Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-39596 — WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7621 Results