CVE-2026-40731
— WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40726
— WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40725
— WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40724
— WordPress Client Portal (Pro) plugin <= 5.6.2 - Arbitrary File Download vulnerability
CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40723
— WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40722
— WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Yoast SEO Premium: from n/a through 26.6.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40721
— WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39598
— WordPress Academy LMS Pro plugin < 3.5.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server.
This issue affects Academy LMS Pro: from n/a before 3.5.2.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39597
— WordPress WPZOOM Addons for Elementor plugin <= 1.3.4 - Reflected Cross Site Scripting (X…
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39596
— WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39595
— WordPress W3 Total Cache plugin <= 2.9.1 - Broken Access Control vulnerability
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39589
— WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39582
— WordPress Hitek theme < 1.8.3 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39580
— WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39578
— WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Valiance <= 1.2 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39577
— WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39573
— WordPress Mildhill theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39568
— WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39567
— WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Santé <= 1.5.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39558
— WordPress Malmö theme <= 2.2 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026