Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-32567 — WordPress YML for Yandex Market plugin < 5.3.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Y…

| Path Traversal
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32562 — WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through <= 1.…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32546 — WordPress Restrict Content plugin <= 3.2.22 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32545 — WordPress Taboola Pixel plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerabil…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS.This issue affects Taboola Pixel: from n…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32544 — WordPress OOPSpam Anti-Spam plugin <= 1.2.62 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OOPSpam Team OOPSpam Anti-Spam oopspam-anti-spam allows Stored XSS.This issue affects OOPSpam Ant…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32542 — WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerabi…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder fusion-builder allows Reflected XSS.This issue affects Fusion Builder:…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32541 — WordPress Premmerce Redirect Manager plugin <= 1.0.12 - Broken Access Control vulnerabili…

Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premm…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32540 — WordPress Bookly plugin <= 26.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bookly Bookly bookly-responsive-appointment-booking-tool allows Reflected XSS.This issue affects …

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32539 — WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects Pub…

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32538 — WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24.

| Information Disclosure
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32537 — WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclus…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Loc…

| Path Traversal
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32536 — WordPress Green Downloads plugin <= 2.08 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a thr…

| Misconfiguration
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32535 — WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnera…

Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS …

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32534 — WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk…

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32533 — WordPress LatePoint plugin <= 5.2.6 - Insecure Direct Object References (IDOR) vulnerabil…

Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: f…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32532 — WordPress Contact Form & Lead Form Elementor Builder plugin <= 2.0.1 - Cross Site Scripti…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Stored XSS.This iss…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32531 — WordPress Kunco theme < 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: f…

| Path Traversal
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32530 — WordPress Creator LMS plugin <= 1.1.18 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32529 — WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through < 1.5.19.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32528 — WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripti…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through < 1.6.29.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
Showing 20 of 6007 Results