Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.8 HIGH
CVE-2026-57659 — WordPress Paid Memberships Pro - Add Member From Admin plugin <= 0.7.2 - Cross Site Reque…

Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.

Remote | Cross-Site Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.1 CRITICAL
CVE-2026-57658 — WordPress TemplateSpare plugin <= 4.2.0 - Arbitrary File Upload vulnerability

Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.

Remote | Misconfiguration
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.3 MEDIUM
CVE-2026-57657 — WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.

Remote | Cross-Site Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.9 MEDIUM
CVE-2026-57656 — WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.2 HIGH
CVE-2026-57655 — WordPress Child theme Wizard plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerabil…

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

Remote | Cross-Site Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57654 — WordPress Affiliates Manager plugin <= 2.9.49 - Broken Access Control vulnerability

Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.5 HIGH
CVE-2026-57653 — WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability

Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.

wp_job_portal | Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2026-57652 — WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnera…

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.

js_help_desk | Remote
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57651 — WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57650 — WordPress Magazine Blocks plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.3 MEDIUM
CVE-2026-57649 — WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.3 MEDIUM
CVE-2026-57648 — WordPress Nelio Content plugin <= 4.3.4 - Broken Access Control vulnerability

Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-57647 — WordPress Panorama Viewer – 360 Degree Image + Video Viewer plugin <= 1.6.1 - Local File …

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.

Remote | Path Traversal
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.4 MEDIUM
CVE-2026-57646 — WordPress Majestic Support plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vul…

Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.1 HIGH
CVE-2026-57645 — WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.

newsletters | Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.5 HIGH
CVE-2026-57644 — WordPress Restaurant Menu by MotoPress plugin <= 2.4.10 - SQL Injection vulnerability

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.5 HIGH
CVE-2026-57643 — WordPress WP Post Author plugin <= 3.9.1 - SQL Injection vulnerability

Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

wp_post_author | Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.5 HIGH
CVE-2026-57642 — WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability

Contributor SQL Injection in Gallery <= 4.7.8 versions.

gallery | Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57641 — WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.

Remote | Cross-Site Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.3 MEDIUM
CVE-2026-57640 — WordPress MasterStudy LMS plugin <= 3.7.30 - Broken Access Control vulnerability

Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Showing 20 of 7892 Results