CVE-2026-27868
— PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege inform…
Jun 17, 2026
Jul 01, 2026
Jun 17, 2026
Jul 01, 2026
CVE-2026-27429
— WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Nifty <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27410
— WordPress Slimstat Analytics plugin < 5.4.0 - Deserialization of untrusted data vulnerabi…
Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27400
— WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27395
— WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-27041
— WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upl…
Contributor Arbitrary File Upload in Unlimited Elements for Elementor (Premium) <= 2.0.6 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25470
— WordPress ACPT (Pro) - Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote C…
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion.
This issue affects ACPT (Pro) - Cust…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25446
— WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-25439
— WordPress Booknetic plugin <= 4.8.5 - Account Takeover vulnerability
Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24611
— WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24610
— WordPress MetForm Pro plugin <= 3.9.1 - Broken Access Control vulnerability
Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-24575
— WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22343
— WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22342
— WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to A…
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Remote
|
Cross-Site Request Forgery
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22340
— WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability
Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22339
— WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22338
— WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22335
— WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerab…
Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22334
— WordPress Woocommerce Book Price plugin <= 1.3 - Arbitrary File Download vulnerability
Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-22332
— WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026