Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-57638 — WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.3 MEDIUM
CVE-2026-57637 — WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forger…

Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions.

abandoned_cart_lite_for_woocommerce | Remote | Cross-Site Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.5 HIGH
CVE-2026-57636 — WordPress wpForo Forum plugin <= 3.0.9 - SQL Injection vulnerability

Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57635 — WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Sit…

Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.

Remote | Cross-Site Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.3 MEDIUM
CVE-2026-57634 — WordPress PPWP plugin <= 1.9.19 - Insecure Direct Object References (IDOR) vulnerability

Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2026-57633 — WordPress WCBoost &#8211; Products Compare plugin <= 1.1.0 - Sensitive Data Exposure vuln…

Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.4 MEDIUM
CVE-2026-57632 — WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Co…

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.6 HIGH
CVE-2026-57631 — WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability

Administrator SQL Injection in Popup box <= 6.0.1 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.3 MEDIUM
CVE-2026-57630 — WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDO…

Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57629 — WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.6 HIGH
CVE-2026-57628 — WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

Administrator SQL Injection in WP All Import <= 4.0.1 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.9 MEDIUM
CVE-2026-57627 — WordPress Kirki plugin <= 6.0.11 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.

Remote | Server-Side Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.3 MEDIUM
CVE-2026-57622 — WordPress WPCafe plugin <= 3.0.14 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57618 — WordPress Neve PRO theme <= 3.1.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57617 — WordPress SeedProd Pro plugin < 6.19.5 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57431 — WordPress Featured Image plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
4.3 MEDIUM
CVE-2026-57430 — WordPress SEOPress PRO plugin <= 9.1.1 - Broken Access Control vulnerability

Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-57325 — WordPress NanoMag theme <= 1.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57324 — WordPress GIFT4U plugin <= 1.0.10 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.8 MEDIUM
CVE-2026-57323 — WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Showing 20 of 7892 Results