Latest CVE Vulnerabilities

9.8 CRITICAL

CVE-2026-54806 — WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

wp_activity_log | Remote | Injection

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

8.8 HIGH

CVE-2026-54805 — WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

Remote | Authorization

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.6 HIGH

CVE-2026-54804 — WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

Remote | Authentication

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

9.8 CRITICAL

CVE-2026-54803 — WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerabil…

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

Remote | Authorization

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.5 HIGH

CVE-2026-54802 — WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerabi…

Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

Remote | Authentication

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

6.8 MEDIUM

CVE-2026-54196 — WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.

Remote | Authorization

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.1 HIGH

CVE-2026-54195 — WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

Remote | Cross-Site Scripting

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.1 HIGH

CVE-2026-54192 — WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.

Remote | Cross-Site Scripting

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.1 HIGH

CVE-2026-54189 — WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Remote | Cross-Site Scripting

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.1 HIGH

CVE-2026-54188 — WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

Remote | Cross-Site Scripting

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

9.3 CRITICAL

CVE-2026-54187 — WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.

Remote | Injection

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

9.3 CRITICAL

CVE-2026-54186 — WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.

jobsearch | Remote | Injection

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

8.5 HIGH

CVE-2026-54185 — WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

Subscriber SQL Injection in Cornerstone < 7.8.8 versions.

Remote | Injection

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

8.2 HIGH

CVE-2026-54184 — WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerabi…

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.

Remote | Authorization

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

9.8 CRITICAL

CVE-2026-52706 — WordPress JetEngine plugin <= 3.8.10 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.

Remote | Injection

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

9.0 CRITICAL

CVE-2026-52705 — WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4.5 - Arbitrary File Upload vul…

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions.

Remote | Misconfiguration

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.4 HIGH

CVE-2026-52698 — WordPress PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget plugin …

Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.

Remote | Information Disclosure

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.5 HIGH

CVE-2026-52696 — WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.

Remote | Information Disclosure

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

7.1 HIGH

CVE-2026-49778 — WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.

Remote | Cross-Site Scripting

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

9.8 CRITICAL

CVE-2026-49767 — WordPress wpForo Forum plugin <= 3.1.0 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.

Remote | Authentication

Jun 17, 2026 Jun 17, 2026

Jun 17, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences