Latest CVE Feed

Vulnerabilities published in the last 30 days.

Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-54827 — WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

Remote | Injection
Jun 26, 2026
7.6 HIGH
CVE-2026-54826 — WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnera…

Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.

Remote | Authorization
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54825 — WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

Remote | Injection
Jun 26, 2026
7.5 HIGH
CVE-2026-54824 — WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.

Remote | Information Disclosure
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54820 — WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.

Remote | Injection
Jun 26, 2026
6.5 MEDIUM
CVE-2026-52701 — WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.

Remote | Authorization
Jun 26, 2026
5.3 MEDIUM
CVE-2026-24547 — WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.

Remote | Authorization
Jun 26, 2026
6.5 MEDIUM
CVE-2025-68075 — WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.

Remote | Cross-Site Scripting
Jun 26, 2026
6.5 MEDIUM
CVE-2025-68074 — WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.

Remote | Cross-Site Scripting
Jun 26, 2026
7.5 HIGH
CVE-2025-68064 — WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.

Remote
Jun 26, 2026
7.5 HIGH
CVE-2025-68063 — WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4…

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions.

Remote | Path Traversal
Jun 26, 2026
8.8 HIGH
CVE-2025-68052 — WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerabili…

Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.

Remote | Cross-Site Request Forgery
Jun 26, 2026
5.3 MEDIUM
CVE-2025-66123 — WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.

Remote | Authorization
Jun 26, 2026
5.3 MEDIUM
CVE-2025-64637 — WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability

Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.

Remote | Injection
Jun 26, 2026
5.3 MEDIUM
CVE-2025-64636 — WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions.

Remote | Authorization
Jun 26, 2026
4.3 MEDIUM
CVE-2025-63079 — WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerabi…

Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions.

Remote | Authorization
Jun 26, 2026
4.3 MEDIUM
CVE-2025-63078 — WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerabi…

Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions.

Remote | Authorization
Jun 26, 2026
5.4 MEDIUM
CVE-2025-63041 — WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerab…

Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions.

Remote | Authorization
Jun 26, 2026
0.0 NA
CVE-2026-45257 — Arbitrary file overwrite via the KTLS receive path

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by se…

| Memory Corruption
Jun 26, 2026
6.5 MEDIUM
CVE-2026-4339 — SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which all…

| Server-Side Request Forgery
Jun 26, 2026