Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-39509 — WordPress Directorist plugin <= 8.5.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.

directorist | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39508 — WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.7.1.1 - Cross Site Scripti…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allo…

| Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39506 — WordPress AI Engine (Pro) plugin < 3.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a th…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39505 — WordPress Seriously Simple Podcasting plugin <= 3.14.2 - Broken Access Control vulnerabil…

Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects …

seriously_simple_podcasting | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39504 — WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a thr…

instawp_connect | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39501 — WordPress FOX plugin <= 1.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FOX: from n/a through <=…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39500 — WordPress themesflat-addons-for-elementor plugin <= 2.3.2 - Cross Site Scripting (XSS) vu…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesflat-addons-for-elementor themesflat-addons-for-elementor allows Stored XSS.This…

themesflat_addons_for_elementor | Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39497 — WordPress FOX plugin <= 1.4.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Blind SQL Injection.This issue affects FOX: f…

| Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39496 — WordPress YayMail plugin <= 4.3.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a throu…

| Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39495 — WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.Thi…

| Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39488 — WordPress SureCart plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.

surecart | Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39487 — WordPress Amelia plugin <= 2.1.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a…

| Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39486 — WordPress Download Monitor plugin <= 5.1.8 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download Monitor download-monitor allows Blind SQL Injection.This issue affects Download…

| Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39485 — WordPress Youtube Embed Plus plugin <= 14.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: f…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39484 — WordPress Hide My WP Ghost plugin < 7.0.00 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.

hide_my_wp_ghost | Misconfiguration
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39483 — WordPress VK All in One Expansion Unit plugin <= 9.113.3 - Cross Site Scripting (XSS) vul…

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa VK All in One Expansion Unit vk-all-in-one-expansion-unit allows Stored XSS.Thi…

| Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39482 — WordPress Post Expirator plugin <= 4.9.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post Expirator post-expirator allows DOM-Based XSS.This issue affects Post Expirator…

| Cross-Site Scripting
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39479 — WordPress OttoKit plugin <= 1.1.20 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from…

| Injection
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39477 — WordPress CartFlows plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
0.0 NA
CVE-2026-39476 — WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a t…

| Authorization
Apr 08, 2026 Apr 08, 2026
Apr 08, 2026
Apr 08, 2026
Showing 20 of 6399 Results