Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.5 HIGH
CVE-2026-49113 — WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability

Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.

Remote | Memory Corruption
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49107 — WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.

thrive_apprentice | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49084 — WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.2 HIGH
CVE-2026-49081 — WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49080 — WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49079 — WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-49076 — WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49075 — WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability

Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-49074 — WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.

jetengine | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-49073 — WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection. This issue affects Directorist Booking: fr…

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-49072 — WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-49071 — WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.

woocommerce_dropshipping | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-49058 — WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-49057 — WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.

jobsearch_wp_job_board jobsearch | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-48967 — WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability

Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.

geo_mashup | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-48929 — Rocket.Chat Unauthenticated File Deletion

Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes a…

rocket.chat | Remote | Authentication
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
9.3 CRITICAL
CVE-2026-48875 — WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-48869 — WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.

enfold | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-48797 — Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authenticatio…

Remote | Authentication
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
8.2 HIGH
CVE-2026-48788 — Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing

Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability explo…

remark42 | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7989 Results