Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-40725 — WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-40724 — WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability

CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.3 MEDIUM
CVE-2026-40723 — WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
5.5 MEDIUM
CVE-2026-40722 — WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Yoast SEO Premium: from n/a through 26.6.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-40721 — WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.

element_pack | Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.0 HIGH
CVE-2026-39598 — WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-39597 — WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (X…

Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.

wpzoom_elementor_addons | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-39596 — WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability

Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
4.7 MEDIUM
CVE-2026-39595 — WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability

Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.

w3_total_cache | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.9 CRITICAL
CVE-2026-39589 — WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.

Remote | Misconfiguration
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39582 — WordPress Hitek theme < 1.8.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39580 — WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39578 — WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39577 — WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39573 — WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39568 — WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39567 — WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39558 — WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39557 — WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in NeoBeat <= 1.7 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39554 — WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7983 Results