Latest CVE Vulnerabilities

7.5 HIGH

CVE-2026-48883 — WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vul…

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce <= 8.5.3 versions.

wpc_product_bundles_for_woocommerce | Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

8.5 HIGH

CVE-2026-48882 — WordPress WP Time Slots Booking Form plugin <= 1.2.50 - SQL Injection vulnerability

Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions.

wp_time_slots_booking_form | Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

9.1 CRITICAL

CVE-2026-48881 — WordPress TrueBooker plugin <= 1.1.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.

truebooker | Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-48880 — WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-48878 — WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 versions.

Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-48876 — WordPress Stop Spammers plugin <= 2026.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

8.5 HIGH

CVE-2026-48874 — WordPress GamiPress plugin <= 7.8.7 - SQL Injection vulnerability

Subscriber SQL Injection in GamiPress <= 7.8.7 versions.

Remote | Injection

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-48873 — WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Montonio for WooCommerce <= 10.1.2 versions.

montonio_for_woocommerce | Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-48872 — WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

embedpress | Remote | Information Disclosure

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-48871 — WordPress MW WP Form plugin <= 5.1.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

6.5 MEDIUM

CVE-2026-48870 — WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulner…

Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.

Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-48868 — WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR)…

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-48867 — WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.

quiz_and_survey_master | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.1 HIGH

CVE-2026-48838 — WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.

post_smtp | Remote | Cross-Site Scripting

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

10.0 CRITICAL

CVE-2026-48836 — WordPress Easy Invoice plugin <= 2.1.19 - Remote Code Execution (RCE) vulnerability

Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.

Remote | Authentication

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

7.5 HIGH

CVE-2026-48835 — WordPress Contact Form by WPForms plugin <= 1.10.0.4 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Contact Form by WPForms <= 1.10.0.4 versions.

Remote | Authorization

Jun 15, 2026 Jun 15, 2026

Jun 15, 2026

3.7 LOW

CVE-2026-48709 — OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argu…

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any auth…

olivetin | Remote | Authentication

Jun 15, 2026 Jun 16, 2026

Jun 15, 2026

Jun 16, 2026

7.5 HIGH

CVE-2026-48708 — OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Co…

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance (tpl package-level va…

olivetin | Remote | Race Condition

Jun 15, 2026 Jun 16, 2026

Jun 15, 2026

Jun 16, 2026

4.3 MEDIUM

CVE-2026-48518 — MultiJuicer: Login CSRF allows attacker to force victims into their team

MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint (POST /multi-ju…

Remote | Cross-Site Request Forgery

Jun 15, 2026 Jun 16, 2026

Jun 15, 2026

Jun 16, 2026

8.5 HIGH

CVE-2026-48124 — Cursor Desktop sandbox escape via Claude hook configuration

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without ded…

cursor | Misconfiguration

Jun 15, 2026 Jun 16, 2026

Jun 15, 2026

Jun 16, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences