Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-32499 — WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a thro…

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32498 — WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32497 — WordPress User Verification plugin <= 2.0.45 - Email Verification Bypass vulnerability

Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45.

| Authentication
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32496 — WordPress Spam Protect for Contact Form 7 plugin <= 1.2.9 - Arbitrary File Deletion vulne…

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NYSL Spam Protect for Contact Form 7 wp-contact-form-7-spam-blocker allows Path Traversal.This issue af…

| Path Traversal
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32495 — WordPress WP Terms Popup plugin <= 2.10.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Terms Popup: from …

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32494 — WordPress Image Slider by Ays plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Image Slider by Ays ays-slider allows Exploiting Incorrectly Configured Access Control Se…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32493 — WordPress JobSearch plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32492 — WordPress My Tickets plugin <= 2.1.1 - Bypass Vulnerability vulnerability

Authentication Bypass by Spoofing vulnerability in Joe Dolson My Tickets my-tickets allows Identity Spoofing.This issue affects My Tickets: from n/a through <= 2.1.1.

| Authentication
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32491 — WordPress WP Review Slider plugin <= 13.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Sli…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32490 — WordPress WP TripAdvisor Review Slider plugin <= 14.1 - Cross Site Scripting (XSS) vulner…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP TripAdvisor Review Slider wp-tripadvisor-review-slider allows Stored XSS.This issue …

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32489 — WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32488 — WordPress User Registration plugin <= 4.4.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in wpeverest User Registration user-registration allows Privilege Escalation.This issue affects User Registration: from n/a through <= 4.4.9.

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32485 — WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a t…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32484 — WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through <= 1.6.26.

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32483 — WordPress Contact Form Email plugin <= 1.3.63 - Broken Access Control vulnerability

Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Emai…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32482 — WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through < 1.24.

| Misconfiguration
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-32441 — WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-31921 — WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulne…

Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.Thi…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-31920 — WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind…

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-31914 — WordPress WP Courses LMS plugin <= 3.2.26 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hookandhook WP Courses LMS wp-courses allows DOM-Based XSS.This issue affects WP Courses LMS: fro…

| Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
Showing 20 of 6018 Results