Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-8383 — LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each retur…

learnpress | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-8089 — weMail < 2.1.3 - Reflected Cross-Site Scripting

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecti…

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
5.9 MEDIUM
CVE-2026-7850 — WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authentica…

Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.2 HIGH
CVE-2026-5667 — Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability i…

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan); …

| Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
5.8 MEDIUM
CVE-2026-55706 — OpenBSD Authentication Bypass

sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.

openbsd | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54811 — WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.

wp_emember | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-54807 — WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulner…

Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-54806 — WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.

wp_activity_log | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.8 HIGH
CVE-2026-54805 — WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.

falang | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.6 HIGH
CVE-2026-54804 — WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-54803 — WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerabil…

Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.5 HIGH
CVE-2026-54802 — WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerabi…

Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.

Remote | Authentication
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
6.8 MEDIUM
CVE-2026-54196 — WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.

jetformbuilder | Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-54195 — WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0.1 versions.

jetformbuilder | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.8 CRITICAL
CVE-2026-54194 — WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.

fusion_builder | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-54192 — WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versions.

popup_box | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-54189 — WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

jetengine | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.1 HIGH
CVE-2026-54188 — WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions.

jetengine | Remote | Cross-Site Scripting
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54187 — WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.

jetengine | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
9.3 CRITICAL
CVE-2026-54186 — WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.

jobsearch_wp_job_board jobsearch | Remote | Injection
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 8008 Results