Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.5 HIGH
CVE-2026-56064 — WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability

Subscriber SQL Injection in Tourfic <= 2.22.5 versions.

tourfic | Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.3 HIGH
CVE-2026-56063 — WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-56062 — WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-56061 — WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerabi…

Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-56060 — WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data…

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.9 CRITICAL
CVE-2026-56059 — WordPress Travel Booking theme <= 2.2.5 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.

Remote | Misconfiguration
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.9 CRITICAL
CVE-2026-56058 — WordPress Quform plugin <= 2.23.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.

Remote | Misconfiguration
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-56057 — WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-56055 — WordPress RealHomes theme <= 4.5.3 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.

realhomes | Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-56048 — WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Inse…

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56047 — WordPress perfmatters plugin <= 2.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-56046 — WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56045 — WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.

automatic | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56044 — WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.

blog2social | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56043 — WordPress Customer Reviews for WooCommerce plugin <= 5.110.1 - Cross Site Scripting (XSS)…

Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.

customer_reviews_for_woocommerce | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56041 — WordPress Responsive Lightbox plugin <= 2.7.6 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.

responsive_lightbox | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56040 — WordPress Gutenverse Form plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56039 — WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vu…

Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-56038 — WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-56036 — WordPress 워드프레스 결제 심플페이 plugin <= 5.5.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Showing 20 of 7880 Results