CVE-2026-54815
— WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerabi…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection.
This issue affects …
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54816
— WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion.
This issue affects Advanced Ads: from n/a through 2.0.21.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54817
— WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation.
This issue affects MStore API: from n/a through 4.18.4.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54818
— WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQL Injection.
This issue affects Slimstat Analytics:…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54417
— Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a craf…
Remote
|
Denial of Service
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54819
— WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injection.
This issue affects Listdom: from n/a through 5.…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60230
— WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection.
This issue affects The Barber Shop: from n/a through 1.9.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-10641
— Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_value…
Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2025-60229
— WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection.
This issue affects Lagom: from n/a through 2.0.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN te…
shiro
|
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-52716
— WordPress WorkScout-Core plugin <= 1.7.11 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-52707
— WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49108
— WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40757
— WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40756
— WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40752
— WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40738
— WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40733
— WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40720
— WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulne…
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39590
— WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
