CVE-2026-54815
— WordPress Cargo Shipping Location for WooCommerce plugin <= 5.6 - SQL Injection vulnerabi…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection.
This issue affects …
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54814
— WordPress Motors plugin <= 1.4.109 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.
This issue affects Mot…
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54813
— WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL Injection.
This issue affects SureDash: from n/a thro…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54809
— WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection.
This issue affects GIFT4U: from n/a through 1.0.10.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54808
— WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Blind SQL Injection.
This issue affects WP Travel Gu…
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54417
— Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a craf…
Remote
|
Denial of Service
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-54193
— WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-52716
— WordPress WorkScout-Core plugin <= 1.7.11 - Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions.
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-52707
— WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN te…
shiro
|
Remote
|
Injection
Jun 17, 2026
Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
CVE-2026-49108
— WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40757
— WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40756
— WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40752
— WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40738
— WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40733
— WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-40720
— WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulne…
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
Remote
|
Cross-Site Scripting
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39590
— WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.
Remote
|
Path Traversal
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39576
— WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
CVE-2026-39560
— WordPress Hiroshi theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
Remote
|
Injection
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Jun 17, 2026