Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-54817 — WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4.

mstore_api | Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-54816 — WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affects Advanced Ads: from n/a through 2.0.21.

Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54815 — WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerabi…

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects …

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-54814 — WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion. This issue affects Mot…

Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.5 HIGH
CVE-2026-54813 — WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection. This issue affects SureDash: from n/a thro…

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54809 — WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54808 — WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection. This issue affects WP Travel Gu…

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.7 HIGH
CVE-2026-54417 — Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a craf…

Remote | Denial of Service
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.7 HIGH
CVE-2026-54193 — WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.

fusion_builder | Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.5 MEDIUM
CVE-2026-52716 — WordPress WorkScout-Core plugin <= 1.7.11 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.

workscout_core | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-52707 — WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.1 CRITICAL
CVE-2026-49268 — Apache Shiro: LDAP DN Injection in DefaultLdapRealm

A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN te…

shiro | Remote | Injection
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
9.8 CRITICAL
CVE-2026-49108 — WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Moderno < 1.43 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40757 — WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40756 — WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40752 — WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40738 — WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-40733 — WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.

Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-40720 — WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulne…

Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2026-39590 — WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 8012 Results