Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-39664 — WordPress Leadrebel plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.

Remote | Authorization
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39663 — WordPress TrueBooker plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: …

truebooker | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39662 — WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Contro…

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security …

Remote | Authorization
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39660 — WordPress WP Job Manager plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a thr…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39659 — WordPress Ultimate Member plugin <= 2.11.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from…

ultimate_member | Remote | Authorization
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39658 — WordPress Panda Pods Repeater Field plugin <= 1.5.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pand…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39657 — WordPress leadlovers forms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n…

Remote | Authorization
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39656 — WordPress Razorpay for WooCommerce plugin <= 4.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommer…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39654 — WordPress WP Simple HTML Sitemap plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affect…

| Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39653 — WordPress Video Conferencing with Zoom plugin <= 4.6.6 - Broken Access Control vulnerabil…

Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This is…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39652 — WordPress iGMS Direct Booking plugin <= 1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iGMS Direct Booking: fro…

Remote | Authorization
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39651 — WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a t…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39650 — WordPress UnitechPay plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UnitechPay: …

Remote | Authorization
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39649 — WordPress Royale News theme <= 2.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through <= 2.…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39648 — WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.

Remote | Authorization
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39647 — WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.11 - Server S…

Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery.This issue affects MP3 A…

mp3_audio_player_for_music\,_radio_\&_podcast | Server-Side Request Forgery
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
6.5 MEDIUM
CVE-2026-39646 — WordPress Leaflet Map plugin <= 3.4.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map leaflet-map allows Stored XSS.This issue affects Leaflet Map: from n/a through…

leaflet_map | Remote | Cross-Site Scripting
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39645 — WordPress GlobalPayments WooCommerce plugin <= 1.18.0 - Server Side Request Forgery (SSRF…

Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooComm…

| Server-Side Request Forgery
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39644 — WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from…

wp_ultimate_review | Remote | Authorization
Apr 08, 2026 Apr 09, 2026
Apr 08, 2026
Apr 09, 2026
0.0 NA
CVE-2026-39643 — WordPress Payment Plugins for PayPal WooCommerce plugin <= 2.0.13 - Broken Access Control…

Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This i…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
Showing 20 of 6449 Results