Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
7.1 HIGH
CVE-2026-57322 — WordPress weMail plugin <= 2.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.

wemail | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-57321 — WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.

Remote | Path Traversal
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-57319 — WordPress FOX plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57318 — WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.

site_reviews | Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-57317 — WordPress Simply Schedule Appointments plugin <= 1.6.12.2 - Cross Site Scripting (XSS) vu…

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.

simply_schedule_appointments | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57316 — WordPress GetGenie plugin <= 4.4.2 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.

Remote | Information Disclosure
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.5 HIGH
CVE-2026-57315 — WordPress Blocksy Companion Pro plugin <= 2.1.45 - Remote Code Execution (RCE) vulnerabil…

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-57314 — WordPress SureCart plugin <= 4.3.2 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
6.5 MEDIUM
CVE-2026-57313 — WordPress SureCart plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.

Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-57312 — WordPress Everest Forms plugin <= 3.4.8 - Reflected Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.

everest_forms | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.1 HIGH
CVE-2026-56072 — WordPress WoodMart theme <= 8.5.3 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.

woodmart | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-56070 — WordPress Advance Product Search plugin <= 1.4.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.

advance_product_search | Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-56069 — WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulne…

Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-56068 — WordPress JetEngine plugin <= 3.8.10.2 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-56067 — WordPress JetSmartFilters plugin <= 3.8.3 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
5.8 MEDIUM
CVE-2026-56066 — WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerabi…

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.

Remote | Path Traversal
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.5 HIGH
CVE-2026-56064 — WordPress Tourfic plugin <= 2.22.5 - SQL Injection vulnerability

Subscriber SQL Injection in Tourfic <= 2.22.5 versions.

tourfic | Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
8.3 HIGH
CVE-2026-56063 — WordPress MailChimp Block plugin <= 1.1.15 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
9.3 CRITICAL
CVE-2026-56062 — WordPress Quotes llama plugin <= 3.1.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.

Remote | Injection
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
7.5 HIGH
CVE-2026-56061 — WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerabi…

Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.

Remote | Authorization
Jun 26, 2026 Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Showing 20 of 7892 Results