Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-24977 — WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Orga…

| Injection
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
8.8 HIGH
CVE-2026-24976 — WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2.

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
7.1 HIGH
CVE-2026-24975 — WordPress Organici Library plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnera…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme Organici Library noo-organici-library allows Reflected XSS.This issue affects Organici L…

Remote | Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
8.8 HIGH
CVE-2026-24974 — WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through <= 3.7.1.

Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
7.1 HIGH
CVE-2026-24973 — WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a t…

Remote | Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
6.5 MEDIUM
CVE-2026-24972 — WordPress Elated Listing plugin <= 1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a th…

Remote | Authorization
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
0.0 NA
CVE-2026-24971 — WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24970 — WordPress Energox theme <= 1.2 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal.This issue affects Energox: from n/a through <= 1.…

| Path Traversal
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24969 — WordPress Instant VA theme <= 1.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Instant VA instantva allows Path Traversal.This issue affects Instant VA: from n/a throu…

| Path Traversal
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24968 — WordPress Xagio SEO plugin <= 7.1.0.30 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30.

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24964 — WordPress Contest Gallery plugin <= 28.1.2.1 - Server Side Request Forgery (SSRF) vulnera…

Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery allows Server Side Request Forgery.This issue affects Contest Gallery: …

| Server-Side Request Forgery
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
7.1 HIGH
CVE-2026-24391 — WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a thr…

Remote | Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24382 — WordPress News Magazine X theme <= 1.2.50 - Broken Access Control vulnerability

Missing Authorization vulnerability in wproyal News Magazine X news-magazine-x allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Magazine X: from n/a thr…

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
9.8 CRITICAL
CVE-2026-24378 — WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0.

eventprime | Remote | Injection
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
6.5 MEDIUM
CVE-2026-24376 — WordPress WPVulnerability plugin <= 4.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Javier Casares WPVulnerability wpvulnerability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPVulnerability: from …

Remote | Authorization
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
0.0 NA
CVE-2026-24373 — WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: …

registrationmagic | Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24372 — WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerabi…

Authentication Bypass by Spoofing vulnerability in WP Swings Subscriptions for WooCommerce subscriptions-for-woocommerce allows Input Data Manipulation.This issue affects Subscriptions for WooCommerc…

| Authentication
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
6.5 MEDIUM
CVE-2026-24370 — WordPress The Grid plugin < 2.8.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through < 2.8…

Remote | Cross-Site Scripting
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
0.0 NA
CVE-2026-24369 — WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

| Authorization
Mar 25, 2026 Mar 25, 2026
Mar 25, 2026
Mar 25, 2026
6.5 MEDIUM
CVE-2026-24364 — WordPress WP User Frontend plugin <= 4.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a t…

wp_user_frontend | Remote | Authorization
Mar 25, 2026 Mar 26, 2026
Mar 25, 2026
Mar 26, 2026
Showing 20 of 6040 Results