Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-32518 — WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through < 3.8.

Remote | Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
7.1 HIGH
CVE-2026-32517 — WordPress Contact Manager plugin <= 9.1 - Reflected Cross Site Scripting (XSS) vulnerabil…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kleor Contact Manager contact-manager allows Reflected XSS.This issue affects Contact Manager: fr…

Remote | Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
8.5 HIGH
CVE-2026-32516 — WordPress Miraculous Core Plugin plugin < 2.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Blind SQL Injection.This issue affects …

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
7.5 HIGH
CVE-2026-32515 — WordPress Miraculous theme < 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through < 2.1…

Remote | Authorization
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
6.5 MEDIUM
CVE-2026-32514 — WordPress Petitioner plugin <= 0.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= …

Remote | Authorization
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
8.8 HIGH
CVE-2026-32513 — WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.

Remote | Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
9.8 CRITICAL
CVE-2026-32512 — WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10.

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
5.4 MEDIUM
CVE-2026-32511 — WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through < 1.7.

Remote | Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
5.4 MEDIUM
CVE-2026-32510 — WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Edge-Themes Kamperen kamperen allows Object Injection.This issue affects Kamperen: from n/a through < 1.3.

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
5.4 MEDIUM
CVE-2026-32509 — WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through < 1.4.

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
5.4 MEDIUM
CVE-2026-32508 — WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through < 1.8.

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
5.4 MEDIUM
CVE-2026-32507 — WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4.

Remote | Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
5.4 MEDIUM
CVE-2026-32506 — WordPress Archicon theme < 1.7 - Arbitrary Object Instantiation vulnerability

Deserialization of Untrusted Data vulnerability in Edge-Themes Archicon archicon allows Object Injection.This issue affects Archicon: from n/a through < 1.7.

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
8.1 HIGH
CVE-2026-32505 — WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kidd…

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
8.1 HIGH
CVE-2026-32504 — WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affect…

Remote | Path Traversal
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
8.1 HIGH
CVE-2026-32503 — WordPress Trendustry theme <= 1.1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue af…

Remote | Path Traversal
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
9.8 CRITICAL
CVE-2026-32502 — WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6.

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
7.1 HIGH
CVE-2026-32501 — WordPress WP Configurator Pro plugin <= 3.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in wp-configurator WP Configurator Pro wp-configurator-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Configurat…

Remote | Authorization
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
8.1 HIGH
CVE-2026-32500 — WordPress MetaMax theme <= 1.1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects …

Remote | Path Traversal
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
9.3 CRITICAL
CVE-2026-32499 — WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a thro…

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
Showing 20 of 6095 Results