Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-27433 — WordPress Motors theme <= 5.6.80 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.

Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2026-27430 — WordPress TheFox theme <= 3.9.76 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in TheFox <= 3.9.76 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2026-27426 — WordPress Automotive Car Dealership Business theme <= 13.3.3 - Reflected Cross Site Scrip…

Unauthenticated Cross Site Scripting (XSS) in Automotive Car Dealership Business <= 13.3.3 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2026-27425 — WordPress Automotive Listings plugin <= 18.6 - Reflected Cross Site Scripting (XSS) vulne…

Unauthenticated Cross Site Scripting (XSS) in Automotive Listings <= 18.6 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.9 CRITICAL
CVE-2026-27419 — WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Zegen <= 1.1.9 versions.

zegen | Remote | Misconfiguration
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-27414 — WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions.

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.1 HIGH
CVE-2026-27412 — WordPress Pearl - Corporate Business theme <= 3.4.10 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.

Remote | Path Traversal
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2026-27408 — WordPress NativeChurch theme <= 4.8.8.2 - Reflected Cross Site Scripting (XSS) vulnerabil…

Unauthenticated Cross Site Scripting (XSS) in NativeChurch <= 4.8.8.2 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2026-27404 — WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2026-27402 — WordPress Kids Life | Children School WordPress theme <= 5.2 - Cross Site Scripting (XSS)…

Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-27060 — WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium <= 7.0 versions.

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2025-69156 — WordPress Kids Zone - Children WordPress Theme theme <= 5.4 - Cross Site Scripting (XSS) …

Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme <= 5.4 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2025-69155 — WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerab…

Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2025-69154 — WordPress SpaLab | Beauty Salon WordPress Theme theme <= 6.7 - Cross Site Scripting (XSS)…

Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2025-69153 — WordPress Trendy Travel theme <= 6.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.1 HIGH
CVE-2025-69152 — WordPress Artale | Wedding Photography WordPress theme <= 2.2.2 - Cross Site Scripting (X…

Unauthenticated Cross Site Scripting (XSS) in Artale | Wedding Photography WordPress <= 2.2.2 versions.

Remote | Cross-Site Scripting
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.5 HIGH
CVE-2025-69134 — WordPress OpenAI Chatbot for WordPress – Helper plugin <= 1.1.4 - Arbitrary Content Delet…

Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions.

Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.5 HIGH
CVE-2025-69133 — WordPress Tourmaster plugin <= 5.4.5 - Local File Inclusion vulnerability

Subscriber Local File Inclusion in Tourmaster <= 5.4.5 versions.

Remote | Path Traversal
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.5 MEDIUM
CVE-2025-69132 — WordPress Corpkit theme <= 1.0.5 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.

Remote | Information Disclosure
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.5 HIGH
CVE-2025-69094 — WordPress Unicamp theme <= 2.2.2 - SQL Injection vulnerability

Subscriber SQL Injection in Unicamp <= 2.2.2 versions.

unicamp | Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Showing 20 of 7988 Results