Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-56051 — WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.

tablepress | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
8.5 HIGH
CVE-2026-56049 — WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.

Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-56042 — WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (X…

Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.

advanced_order_export_for_woocommerce | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
5.4 MEDIUM
CVE-2026-56023 — WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Con…

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

Remote | Authorization
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-56014 — WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.

master_slider | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
6.5 MEDIUM
CVE-2026-56013 — WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object Refer…

Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.

Remote | Authorization
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-56006 — WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.

h5p | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.1 HIGH
CVE-2026-56005 — WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.

wp_activity_log | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.3 CRITICAL
CVE-2026-54849 — WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerabili…

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.

Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
8.1 HIGH
CVE-2026-54845 — WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.

Remote | Path Traversal
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-54844 — WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerabili…

Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.

Remote | Authorization
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.3 CRITICAL
CVE-2026-54843 — WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.

Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-54841 — WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.

Remote | Information Disclosure
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
8.5 HIGH
CVE-2026-54838 — WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability

Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.

Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-54830 — WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vuln…

Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.

Remote | Authorization
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-54828 — WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.

Remote | Authorization
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
9.9 CRITICAL
CVE-2026-54823 — WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.

Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
8.5 HIGH
CVE-2026-54822 — WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability

Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.

Remote | Injection
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.4 HIGH
CVE-2026-54821 — WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.

Remote | Information Disclosure
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
7.5 HIGH
CVE-2026-27366 — WordPress MainWP Child plugin <= 6.1.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

Remote | Authorization
Jun 25, 2026 Jun 25, 2026
Jun 25, 2026
Jun 25, 2026
Showing 20 of 8257 Results