Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-24376 — WordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from …

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24373 — WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: …

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24372 — WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerabi…

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerc…

| Authentication
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24370 — WordPress The Grid plugin < 2.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24369 — WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24364 — WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a t…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24363 — WordPress WP Cost Estimation & Payment Forms Builder plugin < 10.3.0 - Broken Access Cont…

Missing Authorization vulnerability in loopus WP Cost Estimation & Payment Forms Builder WP_Estimation_Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24362 — WordPress Ultimate Post Kit plugin <= 4.0.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from …

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24359 — WordPress Dokan plugin <= 4.2.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan-lite allows Authentication Abuse.This issue affects Dokan: from n/a through <= 4.2.4.

| Authentication
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23979 — WordPress Gyan Elements plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerabil…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softwebmedia Gyan Elements gyan-elements allows Reflected XSS.This issue affects Gyan Elements: f…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23977 — WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access …

Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security …

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23973 — WordPress Golo theme < 1.7.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo golo allows Reflected XSS.This issue affects Golo: from n/a through < 1.7.5.

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23972 — WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23971 — WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8.

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23807 — WordPress WP Telegram Widget and Join Link plugin <= 2.2.13 - Reflected Cross Site Script…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Reflected XSS.This issue affec…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-23806 — WordPress Jobs for WordPress plugin <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for Wor…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
5.5 MEDIUM
CVE-2026-23636 — Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerou…

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type du…

Remote | Misconfiguration
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
6.5 MEDIUM
CVE-2026-23635 — Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Cred…

Remote | Misconfiguration
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-22524 — WordPress Legacy Admin plugin <= 9.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Legacy Admin legacy-admin allows Reflected XSS.This issue affects Legacy Admin: from…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-22523 — WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vul…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra Word…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
Showing 20 of 6018 Results