Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-56039 — WordPress Quick Interest Slider plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vu…

Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-56038 — WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-56036 — WordPress 워드프레스 결제 심플페이 plugin <= 5.5.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.6 HIGH
CVE-2026-56035 — WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability

Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions.

Remote | Authentication
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-56034 — WordPress Library Management System plugin <= 3.5.7 - SQL Injection vulnerability

Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.

Remote
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-56033 — WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.

Remote
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-56032 — WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.1 HIGH
CVE-2026-56031 — WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.

Remote | Authentication
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-56030 — WordPress Paytium plugin <= 5.0.2 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-56029 — WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication v…

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.

Remote | Authentication
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.8 CRITICAL
CVE-2026-56028 — WordPress Easy Elements for Elementor – Addons & Website Templates plugin <= 1.4.9 - Priv…

Unauthenticated Privilege Escalation in Easy Elements for Elementor &#8211; Addons &amp; Website Templates <= 1.4.9 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.9 CRITICAL
CVE-2026-56027 — WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability

Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.

Remote | Misconfiguration
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.4 MEDIUM
CVE-2026-56026 — WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.

Remote | Server-Side Request Forgery
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-56025 — WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56011 — WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulne…

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-56010 — WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vuln…

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.

abandoned_cart_pro_for_woocommerce | Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.8 HIGH
CVE-2026-56008 — WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54847 — WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-54846 — WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Contro…

Unauthenticated Broken Access Control in Syncee Premium Dropshipping &amp; Wholesale <= 1.0.27 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.3 HIGH
CVE-2026-54840 — WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.

newsletters | Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Showing 20 of 7879 Results