Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.5 HIGH
CVE-2026-54835 — WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54834 — WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.4 HIGH
CVE-2026-54833 — WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability

Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.

Remote | Authentication
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54832 — WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54831 — WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54827 — WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.6 HIGH
CVE-2026-54826 — WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnera…

Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54825 — WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54824 — WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54820 — WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-52701 — WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2026-24547 — WordPress SiteGround Email Marketing plugin <= 1.7.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2025-68075 — WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2025-68074 — WordPress Image Carousel plugin <= 1.0.0.41 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2025-68064 — WordPress Goya Core plugin < 1.0.9.4 - Local File Inclusion vulnerability

Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.

Remote
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2025-68063 — WordPress Splash - Sport Club WordPress theme for Basketball, Football, Hockey theme <= 4…

Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey <= 4.4.3 versions.

Remote | Path Traversal
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.8 HIGH
CVE-2025-68052 — WordPress Eagle Booking plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerabili…

Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <= 1.3.4.3 versions.

Remote | Cross-Site Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2025-66123 — WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2025-64637 — WordPress Auros Core plugin <= 5.3.1 - Content Injection vulnerability

Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2025-64636 — WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Showing 20 of 7903 Results