CVE-2026-54847
— WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54846
— WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Contro…
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions.
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54840
— WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54839
— WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2…
Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.
Remote
|
Information Disclosure
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54837
— WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access C…
Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions.
Remote
|
Authorization
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54835
— WordPress Five Star Restaurant Menu plugin <= 2.5.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.
Jun 26, 2026
Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
CVE-2026-54834
— WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
Remote
|
Information Disclosure
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54833
— WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability
Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.
Remote
|
Authentication
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54832
— WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.
Remote
|
Authorization
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54831
— WordPress GeoDirectory plugin <= 2.8.162 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54827
— WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.
Remote
|
Injection
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54826
— WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnera…
Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.
Jun 26, 2026
Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
CVE-2026-54825
— WordPress wpDataTables plugin <= 7.4 - SQL Injection vulnerability
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54824
— WordPress Ads by WPQuads plugin <= 3.0.3 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.
ads
|
Remote
|
Information Disclosure
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-54820
— WordPress JetBooking plugin <= 4.0.4.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.
Remote
|
Injection
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-52701
— WordPress User Registration plugin <= 5.2.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
Remote
|
Authorization
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-4339
— SSRF via unvalidated attachment URLs in Mattermost Agents plugin MCP server
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which all…
Jun 26, 2026
Jun 29, 2026
Jun 26, 2026
Jun 29, 2026
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by se…
Jun 26, 2026
Jun 27, 2026
Jun 26, 2026
Jun 27, 2026
When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The …
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
Jun 26, 2026
CVE-2026-3472
— Markdown image rendering bypass in AI bot tool result posts in Mattermost
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated att…
Jun 26, 2026
Jun 29, 2026
Jun 26, 2026
Jun 29, 2026