CVE-2026-49113
— WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Remote
|
Memory Corruption
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49107
— WordPress Thrive Apprentice plugin < 10.8.10.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49084
— WordPress JetEngine plugin < 3.8.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49081
— WordPress User Registration Stripe plugin <= 1.3.12 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.12 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49080
— WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49079
— WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49076
— WordPress JetEngine plugin <= 3.8.9.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49075
— WordPress JetEngine plugin <= 3.8.9.1 - PHP Object Injection vulnerability
Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49074
— WordPress JetEngine plugin <= 3.8.9.1 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49073
— WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL Injection.
This issue affects Directorist Booking: fr…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49072
— WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49071
— WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49058
— WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
Remote
|
Authentication
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-49057
— WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-48967
— WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes a…
Jun 17, 2026
Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
CVE-2026-48875
— WordPress JetSmartFilters plugin <= 3.8.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-48869
— WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
enfold
|
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-48797
— Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authenticatio…
Remote
|
Authentication
Jun 17, 2026
Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
CVE-2026-48788
— Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing
Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability explo…
remark42
|
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026