Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.4 MEDIUM
CVE-2026-56026 — WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.

Remote | Server-Side Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-56025 — WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56011 — WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulne…

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-56010 — WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vuln…

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.

abandoned_cart_pro_for_woocommerce | Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-56008 — WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54847 — WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54846 — WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Contro…

Unauthenticated Broken Access Control in Syncee Premium Dropshipping &amp; Wholesale <= 1.0.27 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.3 HIGH
CVE-2026-54840 — WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.

newsletters | Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54839 — WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2…

Unauthenticated Sensitive Data Exposure in Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups <= 2.0.9 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54837 — WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access C…

Unauthenticated Broken Access Control in Intranet &amp; Private Site &#8211; All-In-One Intranet <= 1.8.1 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54835 — WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54834 — WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.4 HIGH
CVE-2026-54833 — WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability

Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.

Remote | Authentication
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54832 — WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54831 — WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability

Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54827 — WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.6 HIGH
CVE-2026-54826 — WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnera…

Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54825 — WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54824 — WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-54820 — WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Showing 20 of 7850 Results