Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-39676 — WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a…

download_manager | Remote | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39675 — WordPress Court Reservation plugin <= 1.10.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Court Reservation: from…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
6.5 MEDIUM
CVE-2026-39674 — WordPress MK Google Directions plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affec…

Remote | Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39673 — WordPress iZooto plugin <= 3.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iZooto: from n/a through <= 3.7.2…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39672 — WordPress ShipTime: Discounted Shipping Rates plugin <= 1.1.1 - Broken Access Control vul…

Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec…

Remote | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39671 — WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery …

Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery.This issue affects Extra Fees…

| Cross-Site Request Forgery
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39670 — WordPress Visual Link Preview plugin <= 2.3.0 - Server Side Request Forgery (SSRF) vulner…

Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0.

| Server-Side Request Forgery
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39669 — WordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through <= 1.19.3.

nitropack | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
5.3 MEDIUM
CVE-2026-39668 — WordPress Book Previewer for Woocommerce plugin <= 1.0.6 - Broken Access Control vulnerab…

Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects…

Remote | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39667 — WordPress Korea SNS plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a th…

korea_sns | Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
6.5 MEDIUM
CVE-2026-39666 — WordPress Hello Bar Popup Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerabil…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popu…

Remote | Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39665 — WordPress SEO Friendly Images plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac SEO Friendly Images seo-image allows DOM-Based XSS.This issue affects SEO Frien…

| Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39664 — WordPress Leadrebel plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadrebel: from n/a through <= 1.0.2.

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39663 — WordPress TrueBooker plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TrueBooker: …

truebooker | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39662 — WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Contro…

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security …

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39660 — WordPress WP Job Manager plugin <= 2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a thr…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39659 — WordPress Ultimate Member plugin <= 2.11.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Member: from…

ultimate_member | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39658 — WordPress Panda Pods Repeater Field plugin <= 1.5.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pand…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39657 — WordPress leadlovers forms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects leadlovers forms: from n…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39656 — WordPress Razorpay for WooCommerce plugin <= 4.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay for WooCommer…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
Showing 20 of 6576 Results