CVE-2026-39549
— WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39548
— WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39547
— WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39546
— WordPress MultiLoca plugin <= 4.2.15 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39545
— WordPress Zermatt theme <= 1.6.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39539
— WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39537
— WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39529
— WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39522
— WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Solene <= 3.4 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39446
— WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Kapee < 1.7.0 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39443
— WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EmallShop <= 2.4.21 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39438
— WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability
Unauthenticated SQL Injection in ListingPro <= 2.9.10 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39433
— WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
Remote
|
Authorization
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34895
— WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34894
— WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34893
— WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-34888
— WordPress Bricksforge plugin <= 3.1.8.4 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-32967
— Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to versi…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-32966
— Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Da…
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recomme…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-2604
— Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent ur…
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory t…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026