CVE-2026-40783
— WordPress Blocksy Companion Pro plugin <= 2.1.37 - Remote Code Execution (RCE) vulnerabil…
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40768
— WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (ID…
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40765
— WordPress collectchat plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40761
— WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40760
— WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40759
— WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40758
— WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40755
— WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40754
— WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40753
— WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40751
— WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40749
— WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40748
— WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40747
— WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40746
— WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Remote
|
Misconfiguration
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40739
— WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40736
— WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40735
— WordPress Reina theme <= 2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40731
— WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40726
— WordPress User Registration Stripe plugin <= 1.3.14 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026