Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-49104 — WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formi…

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.8 CRITICAL
CVE-2026-49085 — WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms…

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49083 — WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability

Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.4 HIGH
CVE-2026-49082 — WordPress Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Servi…

Subscriber Sensitive Data Exposure in Chatway Live Chat &#8211; AI Chatbot, Customer Support, FAQ &amp; Helpdesk Customer Service &amp; Chat Buttons <= 1.4.8 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49078 — WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability

Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49070 — WordPress Knit Pay plugin <= 9.4.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49068 — WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.

coupon_affiliates | Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
9.3 CRITICAL
CVE-2026-49067 — WordPress Advanced 301 and 302 Redirect plugin <= 1.6.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49066 — WordPress Conekta Payment Gateway plugin <= 6.0.0 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.2 HIGH
CVE-2026-49065 — WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.5 - Broken Access Control vulne…

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.3 HIGH
CVE-2026-49063 — WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49061 — WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download v…

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

Remote | Path Traversal
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.5 HIGH
CVE-2026-49056 — WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plu…

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.9.4 versions.

Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-49055 — WordPress Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.9.7 - Cross S…

Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
4.7 MEDIUM
CVE-2026-49043 — WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerabili…

Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite <= 2.7.8 versions.

Remote | Cross-Site Request Forgery
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.1 HIGH
CVE-2026-48970 — WordPress Really Simple SSL plugin <= 9.5.10 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions.

Remote | Authentication
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
7.1 HIGH
CVE-2026-48966 — WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vul…

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

Remote | Cross-Site Scripting
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
6.5 MEDIUM
CVE-2026-48965 — WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.

xcloner | Remote | Information Disclosure
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.5 HIGH
CVE-2026-48964 — WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.6 - SQL Injec…

Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.

Remote | Injection
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
8.8 HIGH
CVE-2026-48889 — WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Amelia <= 2.3 versions.

Remote | Authorization
Jun 15, 2026 Jun 15, 2026
Jun 15, 2026
Jun 15, 2026
Showing 20 of 6862 Results