Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-39686 — WordPress BSK PDF Manager plugin <= 3.7.2 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PD…

bsk_pdf_manager | Information Disclosure
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39685 — WordPress The Moneytizer plugin <= 10.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a throu…

the_moneytizer | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39684 — WordPress OrganicFood theme <= 3.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue aff…

| Path Traversal
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39683 — WordPress Garden Gnome Package plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden Gnome Package garden-gnome-package allows DOM-Based XSS.This issue affects Gar…

| Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39682 — WordPress linkPizza-Manager plugin <= 5.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects linkPizza-Manager: fr…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39681 — WordPress Homeo theme <= 1.2.59 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo…

| Path Traversal
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39680 — WordPress Diet Calorie Calculator plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Diet …

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39679 — WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Fre…

| Path Traversal
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39678 — WordPress Pinpoint Booking System plugin <= 2.9.9.6.5 - Broken Access Control vulnerabili…

Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking Sy…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39677 — WordPress Emphires theme <= 3.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Emphires emphires allows PHP Local File Inclusion.This issue …

| Path Traversal
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39676 — WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a…

download_manager | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39675 — WordPress Court Reservation plugin <= 1.10.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39674 — WordPress MK Google Directions plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affec…

| Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39673 — WordPress iZooto plugin <= 3.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.2…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39672 — WordPress ShipTime: Discounted Shipping Rates plugin <= 1.1.1 - Broken Access Control vul…

Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39671 — WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery …

Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees…

| Cross-Site Request Forgery
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39670 — WordPress Visual Link Preview plugin <= 2.3.0 - Server Side Request Forgery (SSRF) vulner…

Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.

| Server-Side Request Forgery
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39669 — WordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through <= 1.19.3.

nitropack | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39668 — WordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerab…

Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39667 — WordPress Korea SNS plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a th…

korea_sns | Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
Showing 20 of 6408 Results